fact-depend / rules
Commit 92983d44 (Unverified)
authored 7 years ago by techhelplist
Committed by GitHub 7 years ago
create RANSOM_Sigma.yar
add new rule for Sigma ransomware
parent a03c6771
Showing 1 changed file with 26 additions and 0 deletions
malware/RANSOM_Sigma.yar
0 → 100644
rule sigma_ransomware {
meta:
author = "J from THL <j@techhelplist.com>"
date = "20180509"
reference1 = "https://www.virustotal.com/#/file/705ad78bf5503e6022f08da4c347afb47d4e740cfe6c39c08550c740c3be96ba"
reference2 = "https://www.virustotal.com/#/file/bb3533440c27a115878ae541aba3bda02d441f3ea1864b868862255aabb0c8ff"
version = 1
maltype = "Ransomware"
filetype = "memory"
strings:
$a = ".php?"
$b = "uid="
$c = "&uname="
$d = "&os="
$e = "&pcname="
$f = "&total="
$g = "&country="
$h = "&network="
$i = "&subid="
condition:
all of them
}
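Review bot: The condition `all of them` over `$a` through `$i` has no ordering or proximity constraint, and every string is a short, generic query-string fragment (`.php?`, `uid=`, `&os=`), so with `filetype = "memory"` the nine strings can each be satisfied by unrelated data anywhere in the scanned memory, for example a browser or proxy process holding many URLs. If the referenced samples build these parameters into one request, consider requiring them to appear in order within a bounded distance of each other, or replacing them with a single regex over the whole query string, so the rule matches one contiguous beacon rather than nine independent hits. The strings also carry no modifiers, which means YARA treats them as ASCII only; since this is a memory rule, adding `ascii wide` to each would also cover a UTF-16 copy of the URL. A minor point in the meta block: the two `reference` entries are VirusTotal links, and recording the sample hashes in their own meta field would keep them usable if the URL format changes.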