Merge branch 'main' of https://github.com/Neo23x0/Raccine into main

litegenx · Mar 23, 2021 · 8a61010 · 8a61010
2 parents 6679e3e + 5534a7d
commit 8a61010
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/yara/mal_exchange_cryptominer.yar b/yara/mal_exchange_cryptominer.yar
@@ -0,0 +1,14 @@
+rule MAL_Exchange_CryptoMiner_Mar21_1 {
+   meta:
+      description = "Detects Cryptominer activity exploiting exchange vulnerability"
+      author = "Florian Roth"
+      date = "2021-03-16"
+      reference = "https://twitter.com/ollieatnccgroup/status/1371840592246870023"
+      score = 60
+   strings:
+      $s1 = "wmic.exe product where"
+      $s2 = "%AntiVirus%"
+      $s3 = "call uninstall /noninteractive"
+   condition:
+      all of them
+}