Common Information
Type | Value
---|---
Category |
Type | Yara Rule
Misp Type |
Description |

Value:

```yara
rule dtrack_2020 {
    meta:
        author = "jeFF0Falltrades"
    strings:
        // Build artifact: PDB path left in the stub binary
        $pdb = "Users\\user\\Documents\\Visual Studio 2008\\Projects\\MyStub\\Release\\MyStub.pdb" ascii wide
        // Log-file banner and hard-coded User-Agent prefix
        $str_log = "------------------------------ Log File Create...." ascii wide
        $str_ua = "CCS_Mozilla/5.0 (Windows NT 6.1" ascii wide
        // Browser-history and temp-file paths used during collection
        $str_chrome = "Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\History" ascii wide
        $str_tmp = "%s\\~%d.tmp" ascii wide
        $str_exc = "Execute_%s.log" ascii wide
        // Command templates that stage output on a remote C$ share via an IPv4 address
        $str_reg_use = /net use \\\\[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\\C\$ \/delete/
        $str_reg_move = /move \/y %s \\\\[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\\C\$\\Windows\\Temp\\MpLogs\\/
        // Code patterns; ?? wildcards the register-dependent ModR/M byte, [4] skips a 4-byte operand
        $hex_1 = { D1 ?? 33 ?? FC 81 ?? FF 00 00 00 C1 ?? 17 }
        $hex_2 = { C1 ?? 08 8B ?? FC C1 ?? 10 }
        $hex_3 = { 81 0D [4] 1C 31 39 29 }
    condition:
        2 of them or $hex_3
}
```