Yara Rule - Strings identifying the core REDLEAVES RAT in its deobfuscated state
Yara definition.

```yara
// Reconstructed from the rule fragments shown on this page. The rule name
// below is a placeholder; the rule in Neo23x0/signature-base has its own name.
rule REDLEAVES_core_strings_PLACEHOLDER
{
    meta:
        description = "Strings identifying the core REDLEAVES RAT in its deobfuscated state"
        author = "USG"
        reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
        date = "2018-12-20"
        modified = "2024-04-17"
        id = "fd4d4804-f7d9-549d-8f63-5f409d6180f9"
    strings:
        $unique2 = "RedLeavesSCMDSimulatorMutex" nocase wide ascii
        $unique4 = "red_autumnal_leaves_dllmain.dll" wide ascii
        $unique7 = "\\NamePipe_MoreWindows" wide ascii
    condition:
        // "any of them" is assumed: the page shows only the trailing clause,
        // and YARA rejects a rule whose strings are never referenced.
        any of them
        and not uint32(0) == 0x66676572 // not regf (registry hives)
}
```
Source commit: https://github.com/Neo23x0/signature-base/commit/6f75aa54e39bdfccc444ed829caf53c2b4a699b8
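As an added example (not code from signature-base or the US-CERT alert), the Python below re-implements the rule's matching logic over constructed byte buffers: it shows what the `nocase`, `wide` and `ascii` modifiers cover for each string and why `uint32(0) == 0x66676572` (the little-endian bytes `regf`) keeps the rule from firing on registry hive files. The sample buffers and the `evaluate` helper are constructed for illustration.

```python
import struct

# Added illustration, not the yara-python engine: re-implements how YARA
# evaluates the rule's three strings and its regf exclusion.
REGF_MAGIC = 0x66676572  # uint32(0) is little-endian: the bytes b"regf"

# (name, pattern, nocase) as in the rule; all three carry "wide ascii".
RULE_STRINGS = [
    ("unique2", "RedLeavesSCMDSimulatorMutex", True),
    ("unique4", "red_autumnal_leaves_dllmain.dll", False),
    ("unique7", "\\NamePipe_MoreWindows", False),
]

def string_hit(data: bytes, pattern: str, nocase: bool) -> bool:
    """'ascii' matches the raw bytes, 'wide' the UTF-16LE form; 'nocase'
    folds case on both sides (safe here: the patterns are pure ASCII)."""
    haystack = data.lower() if nocase else data
    needle = pattern.lower() if nocase else pattern
    return needle.encode("ascii") in haystack or needle.encode("utf-16-le") in haystack

def is_regf(data: bytes) -> bool:
    """YARA's uint32(0): four little-endian bytes at offset 0; hives start with 'regf'."""
    return len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == REGF_MAGIC

def evaluate(data: bytes) -> dict:
    """Per-string hits plus the verdict of 'any of them and not uint32(0) == 0x66676572'."""
    hits = {name: string_hit(data, pat, nc) for name, pat, nc in RULE_STRINGS}
    hits["regf"] = is_regf(data)
    hits["match"] = any(hits[n] for n, _, _ in RULE_STRINGS) and not hits["regf"]
    return hits

# Constructed sample buffers (not real malware), one per behaviour of interest.
SAMPLES = {
    # mixed-case ASCII mutex name: caught only because $unique2 is nocase
    "ascii_mutex_mixed_case": b"MZ" + b"\x00" * 30 + b"REDLEAVESscmdSimulatorMutex",
    # UTF-16LE DLL name: caught by the 'wide' modifier on $unique4
    "wide_dll_name": b"MZ" + "red_autumnal_leaves_dllmain.dll".encode("utf-16-le"),
    # same name upper-cased: $unique4 has no nocase, so it is missed
    "wide_dll_upper": b"MZ" + "RED_AUTUMNAL_LEAVES_DLLMAIN.DLL".encode("utf-16-le"),
    # registry hive that contains the pipe name: excluded by the regf check
    "regf_hive_with_pipe": b"regf" + b"\x00" * 28 + b"\\NamePipe_MoreWindows",
    "clean_pe_stub": b"MZ" + b"\x00" * 62,
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:24} match={evaluate(buf)['match']}")
```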