Yara Rule - 의심스러운 크기 또는 내용으로 의심스러운 .REGTRANS-MS 파일을 감지합니다
Yara 정의.
Yara Rule - Detects suspicious .regtrans-ms files with suspicious size or contents
Yara definition.
Author: Florian Roth
https://www.3cx.com/blog/news/mandiant-initial-results/
date = "2023-04-12"
score = 60
$fp1 = "REGISTRY" wide
extension == ".regtrans-ms" and (```
[https://github.com/Neo23x0/signature-base/commit/7b803edc9d475c7454aa1978fb7d8371d854c6eb](https://github.com/Neo23x0/signature-base/commit/7b803edc9d475c7454aa1978fb7d8371d854c6eb)