Common Information
| Type | Value |
|---|---|
| Value |
import "pe"
rule dragos_crashoverride_suspcious {
meta:
description = "CRASHOVERRIDE v1 Wiper"
author = "Dragos Inc"
strings:
$s0 = "SYS_BASCON.COM" wide nocase fullword
$s1 = ".pcmp" wide nocase fullword
$s2 = ".pcmi" wide nocase fullword
$s3 = ".pcmt" wide nocase fullword
$s4 = ".cin" wide nocase fullword
condition:
pe.exports("Crash") and any of ($s*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |