Common Information
Value:
rule MTI_Hunting_INDUSTROYERv2_Bytes {
	meta:
		author = "Mandiant"
		date = "04-09-2022"
		description = "Searching for executables containing bytecode associated with the INDUSTROYER.V2 malware family."
	strings:
		$bytes = { 8B [2] 89 [2] 8B 0D [4] 89 [2] 8B 15 [4] 89 [2] A1 [4] 89 [2] 8B 0D [4] 89 [2] 8A 15 [4] 88 [2] 8D [2] 5? 8B [2] E8 }
	condition:
		filesize < 3MB and uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and $bytes
}
Category:
Type: Yara Rule
Misp Type:
Description:
Details: Website
Published: 2022-04-25
Attributes: 5
CTI Title: INDUSTROYER.V2: Old Malware Learns New Tricks | Mandiant