20 lines
469 B
Plaintext
20 lines
469 B
Plaintext
rule apt_ZZ_Naikon_codebase : Naikon
|
|
{
|
|
meta:
|
|
report = "Naikon New AR Backdoor Deployment to Southeast Asia"
|
|
description = "Naikon typo"
|
|
author = "Kaspersky"
|
|
copyright = "Kaspersky"
|
|
version = "1.0"
|
|
date = "2018-06-28"
|
|
last_modified = "2018-06-28"
|
|
|
|
strings:
|
|
$a1 = "Create Directroy [%s] Failed:%d" wide
|
|
|
|
condition:
|
|
uint16(0) == 0x5A4D and
|
|
filesize < 450000 and
|
|
$a1
|
|
}
|