Common Information
| Type | Value |
|---|---|
| Value |
rule dragos_crashoverride_serviceStomper {
meta:
description = "Identify service hollowing and persistence setting"
author = "Dragos Inc"
strings:
$s0 = { 33 C9 51 51 51 51 51 51 ?? ?? ?? }
$s1 = { 6A FF 6A FF 6A FF 50 FF 15 24 ?? 40 00 FF ?? ?? FF 15 20 ?? 40 00 }
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |