Yara rule update to support recent mimikatz version (and logically Petya mimikatz module too)
gentilkiwi committed Jun 28, 2017
1 parent 083e528 commit 106ca7f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions kiwi_passwords.yar
Expand Up @@ -12,9 +12,9 @@ rule mimikatz

strings:
$exe_x86_1 = { 89 71 04 89 [0-3] 30 8d 04 bd }
$exe_x86_2 = { 89 79 04 89 [0-3] 38 8d 04 b5 }
$exe_x86_2 = { 8b 4d e? 8b 45 f4 89 75 e? 89 01 85 ff 74 }
$exe_x64_1 = { 4c 03 d8 49 [0-3] 8b 03 48 89 }
$exe_x64_1 = { 33 ff 4? 89 37 4? 8b f3 45 85 c? 74}
$exe_x64_2 = { 4c 8b df 49 [0-3] c1 e3 04 48 [0-3] 8b cb 4c 03 [0-3] d8 }
$dll_1 = { c7 0? 00 00 01 00 [4-14] c7 0? 01 00 00 00 }
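
Review bot: the new $exe_x86_2 and $exe_x64_1 patterns replace the previous byte sequences instead of being added beside them, so a build that matched only the old `89 79 04 89 [0-3] 38 8d 04 b5` or `4c 03 d8 49 [0-3] 8b 03 48 89` sequence is no longer covered by these two strings. Whether detection of older mimikatz builds regresses depends on the rule's condition, which is not visible in this hunk; consider keeping the old patterns under new identifiers and accepting either generation in the condition. A short comment naming the mimikatz version the new sequences were taken from would help the next update. As a style point, the new $exe_x64_1 line ends in `74}` while every other string in the hunk has a space before the closing brace.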