Create apt_ZZ_Naikon_codebase.yar

2025-06-20 18:00:13 +00:00 · 2020-05-11 21:54:25 +08:00 · 2020-05-11 21:54:25 +08:00 · b9f598ded4
commit b9f598ded4
parent fa3fbe0e75
1 changed files with 19 additions and 0 deletions
--- a/nazar/apt_ZZ_Naikon_codebase.yar
+++ b/nazar/apt_ZZ_Naikon_codebase.yar
@ -0,0 +1,19 @@
+rule apt_ZZ_Naikon_codebase : Naikon 
+{
+    meta:
+        report = "Naikon New AR Backdoor Deployment to Southeast Asia"
+        description = "Naikon typo"
+        author = "Kaspersky"
+        copyright = "Kaspersky"
+        version = "1.0"
+        date = "2018-06-28"
+        last_modified = "2018-06-28"
+
+    strings:
+        $a1 = "Create Directroy [%s] Failed:%d" wide
+
+    condition:
+        uint16(0) == 0x5A4D and
+        filesize &lt; 450000 and
+        $a1
+}