Common Information
| Type | Value |
|---|---|
| Value |
rule lazarus_dtrack_unpacked {
meta:
author = " Withsecure Threat Intelligence "
description = "Detects lazarus acres.exe 64bit rat written with QT framework"
date = "2023-01-01"
strings:
$str_nopineapple = "< No Pineapple! >"
$str_qt_library = "Qt 5.12.10"
$str_xor = { 8B 10 83 F6 ?? 83 FA 01 77 }
condition:
uint16(0) == 0x5A4D and all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |