Yara Rule - Detects Lazarus Gopuram malware

Yara definition.

Author: Arnim Rupp (https://github.com/ruppde)

https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

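```yara
rule Lazarus_Gopuram_PLACEHOLDER // placeholder identifier: the rule name is not shown on this page
{
    meta:
        license = "Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License"
        date = "2023-04-04"
        hash = "beb775af5196f30e0ee021790a4978ca7a7ac2a7cf970a5a620ffeb89cc60b2c"
        hash = "97b95b4a5461f950e712b82783930cb2a152ec0288c00a977983ca7788342df7"
    strings:
        $path = "%s.TxR.0.regtrans-ms" // ASCII format string for a .regtrans-ms file path
    condition:
        uint16(0) == 0x5A4D and $path and filesize < 10MB // MZ header, string present, file under 10 MB
}
```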


[https://github.com/Neo23x0/signature-base/commit/ee3e5888406cb73048d795cd9fcecf23410b9d31](https://github.com/Neo23x0/signature-base/commit/ee3e5888406cb73048d795cd9fcecf23410b9d31)