Common Information
| Type | Value |
|---|---|
| Value |
rule JollyJellyfish_unique_messagebox_display_string {
meta:
author = "NCSC"
description = "Detects the string displayed by the message box in
some variants of Jolly Jellyfish"
date = "2021-12-15"
hash1 = "d28eacb1b4d2e9ef54f7dff09ca03a6866fc9184"
hash2 = "834e80f6fa9935fd3184c25e4e37b0a068a773ee"
strings:
$popuptext = { E4 AF C0 C0 C6 F7 B2 E5 BC FE D2 D1 BE AD B3 C9 B9 A6 B8 FC D0 C2 A3 AC C7 EB D6 D8 C6 F4 E4 AF C0 C0 C6 F7 A3 A1 }
condition:
uint16(0) == 0x5A4D and uint32(uint32(0x3c)) == 0x00004550 and all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |