1ZRR4H

Yara RansomEXX (BR)

Feb 5th, 2021
// Matches only when all eight strings (source-file names plus the mbedtls marker) are present.
rule RansomwareESXi
{
    strings:
        $string1 = "ransomware.c" nocase
        $string2 = "cryptor.c" nocase
        $string3 = "logic.c" nocase
        $string4 = "enum_files.c" nocase
        $string5 = "aes.c" nocase
        $string6 = "rsa.c" nocase
        $string7 = "crtstuff.c" nocase
        $string8 = "mbedtls" nocase
    condition:
        all of them
}

// Matches on a single embedded file path (case-insensitive).
rule BackdoorNotepad
{
    strings:
        $string1 = "c:\\windows\\INF\\config.dat" nocase
    condition:
        $string1
}