Yara Rule - This rule is UNTESTED against a large dataset and is for hunting purposes only.

Yara definition.

Author: netadr, modified by Florian Roth for FP reduction reasons

https://netadr.github.io/blog/a-quick-glimpse-sbz/

```yara
date = "2023-04-02"
modified = "2023-05-08"
score = 60
$xor_block = { 9A 18 E0 47 9A 1B 40 01 9A 18 80 0D }
$a1 = "SUNW_"
uint32be(0) == 0x7f454c46

date = "2023-04-02"
modified = "2023-05-08"
score = 60
$s1 = "<%u>[%s] Event #%u: "
/* $s2 = "ofn" */
$s2 = "lprc:%08X" ascii fullword
$s3 = "diuXxobB"
$s4 = "CHM_FW"

date = "2023-04-02"
modified = "2023-05-08"
score = 60
$be = { 02 02 00 00 01 C1 00 07 }
$le = { 02 02 00 00 07 00 C1 01 }
uint32be(0) == 0x7f454c46 and ( $be or $le )
```


[https://github.com/Neo23x0/signature-base/commit/9e6a48338cac4db7ae7234e9c5aba2d7b036b7a9](https://github.com/Neo23x0/signature-base/commit/9e6a48338cac4db7ae7234e9c5aba2d7b036b7a9)