Common Information
| Type | Value |
|---|---|
| Value |
rule mumblehard_packer {
meta:
description = "Mumblehard i386 assembly code responsible for decrypting Perl
code"
author = "Marc-Etienne M.Lveill"
date = "2015-04-07"
reference = "http://www.welivesecurity.com"
version = "1"
strings:
$decrypt = { 31 DB [1-10] BA ?? 00 00 00 [0-6] ( 56 5F | 89 F7 ) 39 D3 75 13 81 FA ?? 00 00 00 75 02 31 D2 81 C2 ?? 00 00 00 31 DB 43 AC 30 D8 AA 43 E2 E2 }
condition:
$decrypt
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |