RepoMirrors
/
mimikatz
mirror of https://github.com/gentilkiwi/mimikatz
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Yara rule update to support recent mimikatz version (and logicaly Petya mimikatz module too)

This commit is contained in:
Benjamin DELPY 2017-06-29 01:01:43 +02:00
parent 083e528b69
commit 106ca7f7b4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kiwi_passwords.yar
View File

@ -12,9 +12,9 @@ rule mimikatz
strings: strings:
$exe_x86_1 = { 89 71 04 89 [0-3] 30 8d 04 bd } $exe_x86_1 = { 89 71 04 89 [0-3] 30 8d 04 bd }
$exe_x86_2 = { 89 79 04 89 [0-3] 38 8d 04 b5 } $exe_x86_2 = { 8b 4d e? 8b 45 f4 89 75 e? 89 01 85 ff 74 }
$exe_x64_1 = { 4c 03 d8 49 [0-3] 8b 03 48 89 } $exe_x64_1 = { 33 ff 4? 89 37 4? 8b f3 45 85 c? 74}
$exe_x64_2 = { 4c 8b df 49 [0-3] c1 e3 04 48 [0-3] 8b cb 4c 03 [0-3] d8 } $exe_x64_2 = { 4c 8b df 49 [0-3] c1 e3 04 48 [0-3] 8b cb 4c 03 [0-3] d8 }
$dll_1 = { c7 0? 00 00 01 00 [4-14] c7 0? 01 00 00 00 } $dll_1 = { c7 0? 00 00 01 00 [4-14] c7 0? 01 00 00 00 }