Created
June 21, 2022 15:47
-
-
Save silence-is-best/1bc62a53c1a0ddb3a8bcdff19bc80c3e to your computer and use it in GitHub Desktop.
Matanbuchus yara
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Matanbuchus_name_only | |
| { | |
| meta: | |
| description = "Matanbuchus" | |
| author = "James_inthe_box" | |
| reference = "https://twitter.com/pr0xylife/status/1537511268591992840" | |
| date = "2022/06" | |
| maltype = "Loader" | |
| strings: | |
| $string1 = "Matanbuchus" ascii wide | |
| condition: | |
| all of ($string*) and filesize > 100KB | |
| } | |
| rule Matanbuchus_secondary_bin | |
| { | |
| meta: | |
| description = "Matanbuchus secondary" | |
| author = "James_inthe_box" | |
| reference = "8833f28dc0cadd4b3c5676981b2a76e1c0683f2e2b8e3dac8270622c12e032ef" | |
| date = "2022/06" | |
| maltype = "Loader" | |
| strings: | |
| $string1 = "LoadDLL" | |
| $string2 = "HackCheck" | |
| condition: | |
| all of ($string*) and filesize < 500KB | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment