rule JollyJellyfish_pdb_string {
	meta:
		author = "NCSC"
		description = "Detects the Jolly Jellyfish PDB string"
		date = "2021-12-15"
		hash1 = "e99d5a620a488133f4da24e1f8d2d5e68542b6f3"
		hash2 = "834e80f6fa9935fd3184c25e4e37b0a068a773ee"
		hash3 = "d28eacb1b4d2e9ef54f7dff09ca03a6866fc9184"
		hash4 = "ba5558d79dadc12bbbe07e3444441d51d5e5931e"
	strings:
		$pdb = "fishmaster.pdb"
	condition:
		uint16(0) == 0x5A4D and uint32(uint32(0x3c)) == 0x00004550 and any of them
}