Common Information
| Type | Value |
|---|---|
| Value |
rule Windows_Trojan_Netwire_2 {
meta:
author = "Elastic Security"
os = "Windows"
arch = "x86"
category_type = "Trojan"
family = "Netwire"
threat_name = "Windows.Trojan.Netwire"
strings:
$a1 = "[%.2d/%.2d/%d %.2d:%.2d:%.2d]" fullword
$a2 = "\\Login Data"
$a3 = "SOFTWARE\\NetWire" fullword
condition:
2 of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |