rule Real_thin_client_bin_mem
{
    meta:
        description = "Real Thin Client"
        author = "James_inthe_box"
        reference = "614772bdee2983b11b3569e22afa3449c0d1f54031896af9504959b473fedb36"
        date = "2019/11"
        maltype = "RAT"
    strings:
        // Each marker is matched both as plain ASCII and as a wide
        // (two bytes per character) string.
        $string1 = "$CLI-CRYPT$" wide ascii
        $string2 = "$CLI-OBJM$" wide ascii
        $string3 = "CLIMOD.CALL$" wide ascii
        $string4 = "CLIMOD.LOGIN$" wide ascii
        $string5 = "RTC Client" wide ascii
    condition:
        // All five markers must be present and the file must exceed 800KB.
        // filesize is only defined when scanning files; when YARA scans a
        // running process this term never matches.
        all of ($string*) and filesize > 800KB
}