Skip to content

R
rules
Commit f6ea141a by mmorenog Committed by GitHub
Options

Create MALW_TrickBot.yar

parent cc091cee
Showing with 2 additions and 2 deletions
malware/MALW_TrickBot.yar
...@@ -31,7 +31,7 @@ $str_systeminf_04 = ...@@ -31,7 +31,7 @@ $str_systeminf_04 =
$str_systeminf_05 = "</autostart>" $str_systeminf_05 = "</autostart>"
$str_systeminf_06 = "</moduleconfig>" $str_systeminf_06 = "</moduleconfig>"
condition: condition:
all of ($str_ systeminf_*) all of ($str_systeminf_*)
} }
rule MALW_dllinject_trickbot_module : Trojan rule MALW_dllinject_trickbot_module : Trojan
{ {
...@@ -44,7 +44,7 @@ $str_dllinj_02 = "<ignore_mask>" ...@@ -44,7 +44,7 @@ $str_dllinj_02 = "<ignore_mask>"
$str_dllinj_03 = "<require_header>" $str_dllinj_03 = "<require_header>"
$str_dllinj_04 = "</dinj>" $str_dllinj_04 = "</dinj>"
condition: condition:
all of ($str_ dllinj_*) all of ($str_dllinj_*)
} }
rule MALW_mailsercher_trickbot_module : rule MALW_mailsercher_trickbot_module :
Trojan Trojan
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment