Show in Graph
Common Information
Type Value
Value 
import "pe"

rule dragos_crashoverride_exporting_dlls {
	meta:
		description = "CRASHOVERRIDE v1 Suspicious Export"
		author = "Dragos Inc"
	condition:
		pe.exports("Crash") & pe.characteristics
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Pdf 2018-09-11 31 CrashOverride_revised091118
Details Website 2017-06-12 37 CrashOverride Malware | CISA