(YARA) YARA_DebuggerCheck__RemoteAPI
rule DebuggerCheck__RemoteAPI {
meta:
description = "Rule to RemoteAPI debugger check"
author = "Thibault Seret"
date = "2020-09-26"
strings:
$s1 ="CheckRemoteDebuggerPresent"
condition:
any of them
}
Associated Techniques
No associated technique found so far.
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| 3c703ecb3e8c54e352ff39fadbe7...f848bd69551b07bf2ed0a58744b9 | 6 | 2024-11-19 | 2 weeks ago |
| implant.exe | 6 | 2024-11-18 | 2 weeks, 1 day ago |
| al-khaser.exe | 24 | 2024-11-13 | 2 weeks, 5 days ago |
Created
June 20, 2022
Last Revised
November 5, 2024