Common Information
| Type | Value |
|---|---|
| Value |
import "pe"
rule S1deloadStealer_PDB_path {
meta:
author = "Acs David - Bitdefender"
date = "2022-12-05"
hash = ""
condition:
pe.is_pe and pe.pdb_path contains "C:\\Users\\KienTi\\Documents" and filesize <= 1MB and pe.imports("mscoree.dll")
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |