Common Information
Type Value
Value
rule hermetic_wiper {
	meta:
		description = "Yara rule for the detection of DiskKill/HermeticWiper sample"
		author = "Yoroi Malware ZLab"
		last_updated = "2022-02-24"
		tlp = "WHITE"
		category = "informational"
	strings:
		$a = { 45 8C 66 0F D6 45 9C FF D3 50 FF D7 8B F8 85 FF 0F 84 F7 00 00 00 6A 00 8D 85 78 FF FF FF 50 6A 60 57 6A 00 6A 00 68 64 00 09 00 FF 75 A4 FF 15 64 50 40 00 57 6A 00 85 C0 75 10 FF D3 8B 3D 70 }
	condition:
		$a and uint16(0) == 0x5A4D
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2022-02-26 6 DiskKill/HermeticWiper, a disruptive cyber-weapon targeting Ukraine’s critical infrastructures - Yoroi