The Return, classic sci-fi trope and return of Bazar being tricky
GossiTheDog authored Jan 28, 2021
1 parent 15add4b commit f0f7534
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions YARA/BazaLoaderBackdoor.yar
Expand Up @@ -202,3 +202,13 @@ rule BazaMike
condition:
any of them
}

rule BazaTheReturn
{
strings:
$0 = {C0CDDDB173895AB8437D8E9E2D7FAB0D46EBCC8E8DA80B89ECAF4751FA2A36C9AE99B113764CAF6465B23CE9F3782F023A94F08AAFBEDF368DC047F61289F5DF133CEC0E5575292434D2ED60D68A874DFF9E49196F5F2E6ED8C5B645CAD0587F6E5CBD6C8FECBBB941D9F299F6A92A0E05DDF3F391C41CC68C07E4FF160AFE17FCD8F929B1E42EFB71E4F0A80A6066F121802AFA5CD3998A54439089DE8808FFB8C3EF140753A204F1DC7ED73D9B1C1BAE6368CB035B8D809748AE42DEED51FEA1ABD1D63F436AB2899A9C1058D27627CE7048E7136B485F31}
$1 = {799DA8327C951798004471E8A11A5E76EC3FA4C84AEB03472A72E951A68F6BB1C815D81C226D2B5DE3F3A17763DD34A53D79422142CA76F56A0B15214029CA88A8EBFF8F4F9CF141C66E1D892F1A7CF60C0387C1B392A36935A1407E1EA06D9C8AAE2849AE93BAB630EFB459BBFD49EC943C8CE8AC59BE054525E33B46DCAAF2CA23FA9047AEE2}
$2 = {9F0A6EADF5A41EFCBAB374FE84DF747C36BA25D95D531350871EE9BBE029869F089AE4432E4FE95317891D6D90DB1B855DF30B721A95257DFA55CB0D78C7DFF5C8CC0AF9EF2F}
condition:
any of them
}
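
Review bot: the new rule BazaTheReturn has no meta section, and its three strings ($0, $1, $2) are long byte sequences with no comment, so a later maintainer cannot tell which sample they came from or what they represent in the binary. Add a meta block with at least a description, a date and the hash of the sample the bytes were taken from, plus a one-line comment per string. All three strings are exact matches with no wildcards, so any change to those bytes in a later build silently breaks the rule; if only part of each sequence is known to be stable, trim the string to that part. The condition `any of them` also has no file-type bound; if the rule is meant for PE files only (an assumption, the hunk does not say), a condition such as `uint16(0) == 0x5A4D and any of them` would limit matches to executables.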
