Common Information
| Type | Value |
|---|---|
| Value |
rule AmadeyBot {
meta:
author = "Cyble"
description = "Detects Amadey Bot Files"
date = "2023-08-10"
os = "Windows"
threat_name = "Amadey Bot"
scan_type = "Memory"
severity = 100
reference_sample = "a58f0d4b2a0100a12eb8a5690522d79d510adafa9235d11e4b714dda8c87b341"
strings:
$a = "/index.php" ascii wide
$b = "\\MsBuild.exe" ascii wide
$c = "id=" ascii wide
$d = "&av=" ascii wide
$e = "&pc=" ascii wide
$f = "&un=" ascii wide
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |