Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
15 lines (13 sloc) 467 Bytes
rule SUSP_Base64_Encoded_Hex_Encoded_Code {
meta:
author = "Florian Roth"
description = "Detects hex encoded code that has been base64 encoded"
date = "2019-04-29"
score = 65
reference = "https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/"
strings:
$x1 = { 78 34 4e ?? ?? 63 65 44 ?? ?? 58 48 67 }
$x2 = { 63 45 44 ?? ?? 58 48 67 ?? ?? ?? 78 34 4e }
condition:
1 of them
}
You can’t perform that action at this time.