Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- rule RansomwareESXi
- {
- strings:
- $string1 = "ransomware.c" nocase
- $string2 = "cryptor.c" nocase
- $string3 = "logic.c" nocase
- $string4 = "enum_files.c" nocase
- $string5 = "aes.c" nocase
- $string6 = "rsa.c" nocase
- $string7 = "crtstuff.c" nocase
- $string8 = "mbedtls" nocase
- condition:
- all of them}
- rule BackdoorNotepad
- {
- strings:
- $string1 = "c:\\windows\\INF\\config.dat" nocase
- condition:
- $string1
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement