Common Information
| Type | Value |
|---|---|
| Value |
rule Thanatos {
strings:
$s1 = ".THANATOS\x00"
$s2 = "\\Desktop\\README.txt"
$s3 = "C:\\Windows\\System32\\notepad.exe C:\\Users\\"
$s4 = "AppData\\Roaming"
$s5 = "\\Desktop\x00"
$s6 = "\\Favourites\x00"
$s7 = "\\OneDrive\x00"
$s8 = "\\x00.exe\x00"
$s9 = "/c taskkill /im"
$s10 = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
condition:
6 of ($s1, $s2, $s3, $s4, $s5, $s6, $s7, $s8, $s9, $s10)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |