(YARA) YARA_DebuggerCheck_GlobalFlags
rule DebuggerCheck__GlobalFlags {
meta:
description = "Rule to detect NtGlobalFlags debugger check"
author = "Thibault Seret"
date = "2020-09-26"
strings:
$s1 = "NtGlobalFlags"
condition:
any of them
}
Associated Techniques
| Technique Name | Technique ID's | Snippet(s) | OS |
|---|---|---|---|
| NtGlobalFlag | U0111 B0001.036 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| al-khaser.exe | 24 | 2024-11-13 | 1 week, 2 days ago |
Created
June 20, 2022
Last Revised
June 20, 2022