Common Information
Type Value
Value
rule dragos_crashoverride_wiperFileManipulation {
	meta:
		description = "File manipulation actions associated with CRASHOVERRIDE wiper"
		author = "Dragos Inc"
	strings:
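		// x86: push 0; push 0x80; push 3; push 0; push 2; mov edi, ecx; push 0x40000000; push edi;
		// call dword ptr [import]; mov ebx, eax. The pushed values are consistent with a CreateFile
		// call using FILE_ATTRIBUTE_NORMAL, OPEN_EXISTING, FILE_SHARE_WRITE and GENERIC_WRITE.
		$s0 = { 6A 00 68 80 00 00 00 6A 03 6A 00 6A 02 8B F9 68 00 00 00 40 57 FF 15 1C ?? ?? ?? 8B D8 }
		// x86: push 0; push eax; push edi; push esi; push ebx; call dword ptr [import]; push esi.
		// A five-argument indirect call whose last argument is null.
		$s2 = { 6A 00 50 57 56 53 FF 15 4C ?? ?? ?? 56 }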
	condition:
		all of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2017-06-12 37 CrashOverride Malware | CISA