Common Information
Type Value
Value
rule Megumin : Megumin {
	meta:
		description = "Detecting Megumin v2"
		author = "Fumik0_"
		date = "2019-05-02"
	strings:
		$mz = { 4D 5A }
		$s1 = "Megumin/2.0" ascii wide
		$s2 = "/cpu" ascii wide
		$s3 = "/task?hwid=" ascii wide
		$s4 = "/gate?hwid=" ascii wide
		$s5 = "/suicide" ascii wide
	condition:
		$mz at 0 and (all of ($s*))
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2019-05-03 20 Let’s nuke Megumin Trojan