Common Information
| Type | Value |
|---|---|
| Value |
rule MacOS_Trojan_RustBucket {
meta:
author = "Elastic Security"
creation_date = "2023-06-26"
last_modified = "2023-06-26"
license = "Elastic License v2"
os = "MacOS"
arch = "x86"
category_type = "Trojan"
family = "RustBucket"
threat_name = "MacOS.Trojan.RustBucket"
reference_sample = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747"
severity = 100
strings:
$user_agent = "User-AgentMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
$install_log = "/var/log/install.log"
$timestamp = "%Y-%m-%d %H:%M:%S"
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |