rule SideWinderRTF {
	// Flags RTF documents carrying the SideWinder object payload: the file has to
	// begin with the RTF header bytes and contain every one of the three byte
	// patterns declared below.
	meta:
		author = "AT&T Alien Labs"
		description = "Detects SideWinder RTF Files"
		reference = "https://otx.alienvault.com/pulse/5f21d5b84d529ed134127a66"
	strings:
		// Run of ASCII hex digits as embedded in the document (decodes to "B10CF130…").
		$hex_run_a = { 42 31 30 43 46 31 33 30 35 41 39 37 33 37 46 45 45 33 36 30 35 36 36 38 37 42 44 31 39 42 44 36 33 31 44 39 35 35 45 36 39 44 46 31 46 45 30 45 31 42 35 37 31 43 43 41 43 46 33 42 37 37 41 43 36 30 43 45 38 31 43 41 46 36 30 30 33 32 35 42 34 44 31 31 38 43 36 36 34 41 31 35 43 34 46 37 45 46 37 }
		// Second run of ASCII hex digits (decodes to "D3C0C712…").
		$hex_run_b = { 44 33 43 30 43 37 31 32 39 42 39 42 32 35 37 46 42 39 42 43 41 42 38 36 38 36 46 36 46 39 43 38 45 41 39 42 44 36 45 38 35 45 33 33 38 46 32 35 31 33 31 43 37 34 34 43 34 42 30 39 41 41 33 46 44 30 43 41 31 44 46 33 43 30 38 41 30 43 46 37 38 39 30 36 45 37 30 45 31 33 45 43 35 38 46 30 39 33 }
		// ASCII digits "0061000105" followed by zeros, then the RTF control-word
		// fragment "}{\result  }}{\object\obj" (bytes 7D 7B 5C 72 65 73 … 6F 62 6A),
		// i.e. the tail of an embedded object group.
		$rtf_obj = { 30 30 36 31 30 30 30 31 30 35 30 30 30 30 30 30 30 30 30 30 30 30 7D 7B 5C 72 65 73 75 6C 74 20 20 7D 7D 7B 5C 6F 62 6A 65 63 74 5C 6F 62 6A }
	condition:
		// uint16(0) reads little-endian, so 0x5c7b is the byte pair 7B 5C == "{\",
		// the opening of the RTF "{\rtf" header.
		uint16(0) == 0x5c7b
		and $hex_run_a
		and $hex_run_b
		and $rtf_obj
}
Type Yara Rule
Details Pdf 235 Microsoft Word - Global Perspective of the SideWinder APT (pre-release final).docx