Find PE files that contain PDB paths using YARA.
100 Days of YARA – Day 18: Yanluowang Ransomware
Another ransomware strain is known as Yanluowang. Here are some of my bookmarks that I've tagged as Yanluowang: https://pinboard.in/u:droberson/t:yanluowang/

This blog post by Symantec was very interesting to me, as it presented a lot of generic examples of post-exploitation activity that was observed from the operators of this ransomware: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-ransomware-attacks-continue

Particularly, this article mentions the …