Common Information
| Type | Value |
|---|---|
| Value |
rule CMTDownLoader {
meta:
description = "CMTDownLoader"
author = "LAC Co., Ltd."
strings:
$code1 = { 00 3C 21 2D 2D }
$code2 = { 0D 0A 2D 2D 3E 00 }
$str2 = "cmd /c echo"
$str3 = ".exe"
$str4 = ".bat"
condition:
uint16(0) == 0x5A4D and (all of them)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |