admin/APT_REPORT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create apt28_backdoor_cls.yar

Browse Source
This commit is contained in:
blackorbird
2019-08-30 10:52:28 +08:00
committed by GitHub
parent 2a75936f5d
commit 90144df854
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
APT28/yara/apt28_backdoor_cls.yar Normal file
View File

@@ -0,0 +1,17 @@
rule apt28_backdoor_cls
{
strings:
$st1 = "AES_256_poco" ascii
$st2 = "TEncryption" ascii
$st3 = "shell" ascii
condition:
all of them
}
rule apt28_backdoor_crc32
{
strings:
$xor1 = { 48 8B 07 39 48 0C 75 3A 44 8B 70 08 4C 8B 38 4D 85 C0 74 2E 45 85 E4 74 29 }
condition:
$xor1
}