Find RATs belonging to the MysterySnail group with YARA.
Category: malware
100 Days of YARA – Day 27: LOKI2
LOKI2 is an old backdoor released in Phrack Magazine in 1997. This tool is still somewhat novel even in 2021, providing a shell over the ICMP protocol. http://phrack.org/issues/49/6.html http://phrack.org/issues/51/6.html A few years ago, I read an article that highlighted this tool's use by the Turla group that piqued my interest. Due to this tool running over …
100 Days of YARA – Day 26: Merlin C2
Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. This C2 software offers some unique features such as operating over the QUIC protocol and compatibility with the Mythic Framework. https://github.com/Ne0nd0g/merlin I encountered this C2 while playing Pros versus Joes CTF. rule merlin { meta: description = "https://github.com/Ne0nd0g/merlin" strings: $a = "github.com/Ne0nd0g/merlin" …
100 Days of YARA – Day 25: Hive Ransomware Obfuscated Strings
Detect the Go-based string obfuscation library implemented by Hive Ransomware with YARA.
100 Days of YARA – Day 24: Run Keys
Find samples containing registry Run key paths with YARA.
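As an added example that is not the Day 24 post's own rule, the kind of rule that teaser points at, written to catch the two forms the path usually takes in a Windows binary: the ASCII form and the UTF-16LE form that `wide` matches. The rule name is my own, and the path list is deliberately short.

```yara
// Added example, not the post's rule. Rule name is an assumption.
rule registry_run_key_paths
{
    meta:
        description = "PE files that embed Run / RunOnce autostart key paths"
    strings:
        // The leading "Software\" is left off so both a bare path and a
        // "HKCU\Software\..." form match. 'wide' covers UTF-16LE strings,
        // which is how most Windows binaries store them; 'nocase' absorbs
        // casing differences between samples.
        $run          = "\\Microsoft\\Windows\\CurrentVersion\\Run" ascii wide nocase
        $runonce      = "\\Microsoft\\Windows\\CurrentVersion\\RunOnce" ascii wide nocase
        $explorer_run = "\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run" ascii wide nocase
    condition:
        uint16(0) == 0x5A4D and   // MZ header: only look inside PE files
        filesize < 10MB and
        any of them
}
```

Note that `$run` is a prefix of the other two strings, so `any of them` is satisfied whenever `$run` hits; the extra strings are there so `yara -s` output tells you which key was referenced. Plenty of legitimate installers and system binaries reference these keys too, so treat this as a hunting rule to combine with other conditions rather than as a verdict on its own.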
REVIEW: Reversing: Secrets of Reverse Engineering
Book review of Reversing: Secrets of Reverse Engineering.
REVIEW: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
My review of Practical Malware Analysis.
100 Days of YARA – Day 4: Identifying Mach-O Files and Java Classes
Detect Mach-O binaries and Java class files with YARA.
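An added example, not the Day 4 post's own rules, of the check the title points at: a fat (universal) Mach-O and a Java class file both begin with 0xCAFEBABE, so the magic alone does not separate them. In a fat Mach-O the next four bytes are `nfat_arch`, a small count, while in a class file bytes 6..7 hold the major version, which is 45 or higher; the `< 30` threshold is the same convention file(1) uses. The rule names are my own.

```yara
// Added example; rule names are assumptions, magic values come from the
// Mach-O and class-file formats.
rule macho_thin
{
    meta:
        description = "Thin Mach-O, 32- or 64-bit, either byte order"
    condition:
        // uint32() reads little-endian, so a little-endian file yields the
        // documented magic and a big-endian file yields it byte-swapped.
        uint32(0) == 0xFEEDFACE or uint32(0) == 0xFEEDFACF or
        uint32(0) == 0xCEFAEDFE or uint32(0) == 0xCFFAEDFE
}

rule macho_fat
{
    meta:
        description = "Fat/universal Mach-O: CAFEBABE followed by a small nfat_arch"
    condition:
        uint32be(0) == 0xCAFEBABE and uint32be(4) < 30
}

rule java_class
{
    meta:
        description = "Java class file: CAFEBABE, then minor and major version with major >= 45 (JDK 1.1)"
    condition:
        uint32be(0) == 0xCAFEBABE and uint16be(6) >= 45
}
```

The two CAFEBABE rules are mutually exclusive: `uint32be(4) < 30` forces bytes 6..7 below 30, and `uint16be(6) >= 45` forces `uint32be(4)` to at least 45, so a file can never satisfy both.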
100 Days of YARA – Day 1: Basics
Getting started with YARA.
YARA Rules Index
YARA Rules Index
Malicious LNK Files
Malicious LNK files.
Cron Persistence
All about cron persistence