Commit ce1227ea, authored Jan 03, 2017 by jovimon. Committed by GitHub, Jan 03, 2017.
Merge pull request #194 from pekeinfo/cerber5b
New rule Cerber5
Parents: 42ce5248, 94c77f0d
Showing 1 changed file with 12 additions and 0 deletions
malware/RANSOM_Cerber.yar
...
...
@@ -41,3 +41,15 @@ strings:
condition:
1 of them
}
rule cerber5b{
meta:
author = "pekeinfo"
date = "2016-12-20"
description = "Cerber5b"
strings:
$a={8B ?? ?8 ?? 4? 00 83 E? 02 89 ?? ?8 ?? 4? 00 68 ?C ?9 4? 00 [0-6] ?? ?? ?? ?? ?? ?8 ?? 4? 00 5? FF 15 ?? ?9 4? 00 89 45 ?4 83 7D ?4 00 75 02 EB 12 8B ?? ?0 83 C? 06 89 ?? ?0 B? DD 03 00 00 85}
condition:
$a
}
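Review bot: The condition at the end of `cerber5b` is `$a` alone, so this heavily wildcarded hex string is searched in every scanned file at any offset, with no file-type or size guard. If the rule is meant for PE files, consider `uint16(0) == 0x5A4D and $a`, plus a `filesize` bound if the known samples allow one. In the string itself, `[0-6] ?? ?? ?? ?? ??` can be written as the single jump `[5-11]`, which matches the same inputs and is easier to read. The meta block carries author, date and description but no sample hash or reference, so a later reader cannot tell which sample the pattern was taken from; add one if available.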