Yara Rule - Detects an XORed URL in an executable

Yara definition.

Author: Florian Roth (Nextron Systems)

https://twitter.com/stvemillertime/status/1237035794973560834

```
date = "2018-09-27"
score = 75
hash1 = "e3bb02c5985fc64759b9c2d3c5474d46237ce472b4a0101c6313dafa939de5a9"
hash2 = "0ecf88d4b32895b4819dec3acb62eaaa7035aa6292499d903f76af60fcec0d6a"
hash3 = "a7a48f5220bd1ebe04de258d71fdd001711c165d162bd45e8cfbe8964eddf01c"
date = "2020-03-09"
modified = "2022-09-16"
score = 50
$s1 = "http://" xor
$s2 = "https://" xor
```


[https://github.com/Neo23x0/signature-base/commit/435d67c96e32347a82a14951aab432b84b615441](https://github.com/Neo23x0/signature-base/commit/435d67c96e32347a82a14951aab432b84b615441)
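
What the `xor` modifier on `$s1` and `$s2` looks for, as an added Python example that is not part of the rule or of signature-base: it searches a buffer for the two scheme prefixes under every single-byte XOR key and decodes the string at each hit for triage. The function names, the sample buffer and the `example.invalid` URLs are constructed for illustration; key 0x00 is skipped by default because it is the plaintext itself.

```python
"""Find "http://" / "https://" hidden under a single-byte XOR key."""

SCHEMES = (b"http://", b"https://")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def find_xored_urls(data: bytes, keys=range(1, 256)):
    """Return sorted (offset, key, scheme) hits for each XORed scheme prefix."""
    hits = []
    for key in keys:
        for scheme in SCHEMES:
            needle = xor_bytes(scheme, key)
            pos = data.find(needle)
            while pos != -1:
                hits.append((pos, key, scheme.decode()))
                pos = data.find(needle, pos + 1)
    return sorted(hits)


def decode_at(data: bytes, offset: int, key: int, max_len: int = 128) -> str:
    """Decode the printable ASCII run that starts at a hit, for analyst triage."""
    out = bytearray()
    for b in data[offset:offset + max_len]:
        c = b ^ key
        if not 0x20 <= c < 0x7F:  # stop at the first non-printable byte
            break
        out.append(c)
    return out.decode("ascii")


# Constructed sample: fake MZ stub, padding, one URL XORed with 0x5A,
# then one plaintext URL that the default key range must not report.
SAMPLE = (
    b"MZ" + b"\x90" * 16
    + xor_bytes(b"https://example.invalid/a\x00", 0x5A)
    + b"http://plain.example.invalid/\x00"
)

if __name__ == "__main__":
    for offset, key, scheme in find_xored_urls(SAMPLE):
        url = decode_at(SAMPLE, offset, key)
        print(f"offset={offset} key=0x{key:02x} scheme={scheme} decoded={url}")
```
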