Yara Rule - Detects indicators of fake document/image utility software that acts as a downloader for additional malware - Neo23x0

Yara Rule - Detects indicators of fake document/image utility software that acts as a downloader for additional malware

Yara definition.

Author: Jonathan Peters

https://nochlab.blogspot.com/2023/09/net-in-javascript-fake-pdf-converter.html

```
meta:
    date = "2023-11-13"
    hash1 = "ac5356ae011effb9d401bf428c92a48cf82c9b61f4c24a29a9718e3379f90f1d"
    hash2 = "d1c29c2243c511ca3264ad568a6be62f374e104b903eca93debce6691e1c5007"
    score = 80
strings:
    $ = "tweakscode.com" wide
    $ = "www.createmygif.com" wide
    $ = "www.videownload.com" wide
    $ = "www.pdfconverterz.com" wide
    $ = "www.pdfconvertercompare.com" wide
condition:
    uint16(0) == 0x5a4d
```


[https://github.com/Neo23x0/signature-base/commit/7ad514199af574704c3f8da1f3daa1791cd535a3](https://github.com/Neo23x0/signature-base/commit/7ad514199af574704c3f8da1f3daa1791cd535a3)