Skip to content

Commit 8568556

Browse files
dcodedcode
committed
Fix yara syntax
1 parent 0933aeb commit 8568556

File tree

1 file changed

+8
-6
lines changed

1 file changed

+8
-6
lines changed

blog/mozin-about/mozi-obfuscation-technique.yara

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,14 @@
1-
rule Mozi Obfuscation Technique {
1+
rule MoziObfuscationTechnique
2+
{
23
meta:
34
author = "Elastic Security, Lars Wallenborn (@larsborn)"
45
description = "Detects obfuscation technique used by Mozi botnet."
5-
string:
6+
strings:
67
$a = { 55 50 58 21
7-
[4]
8-
00 00 00 00
9-
00 00 00 00
8+
[4]
9+
00 00 00 00
10+
00 00 00 00
1011
00 00 00 00 }
11-
condition:
12+
condition:
1213
all of them
14+
}

0 commit comments

Comments
 (0)