Common Information
| Type | Value |
|---|---|
| Value |
rule Trojan_NOOPLDR_xml {
meta:
Author = "Trend Micro"
Created_Time = "2024-01-26"
strings:
$s1 = "<Code Type=\"Class\" Language=\"cs\"><![CDATA[using "
$s2 = "Software\\\\Microsoft\\\\SQMClient"
$s3 = ".GetValue(\"MachineId\").ToString()"
$s4 = "SHA384.Create();"
$s5 = "new byte[32];Array.Copy("
$s6 = "new byte[16];Array.Copy("
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |