(YARA) YARA_Detect_XOR

rule xor_detection
{
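    strings:
        // Fixed x86 byte sequences; each begins with a register XORed with itself (opcode 31).
        $xor1 = { 31 d2 f7 e2 89 c2 }   // xor edx, edx; mul edx; mov edx, eax
        $xor2 = { 31 c9 f7 f9 99 c0 }   // xor ecx, ecx; idiv ecx; cdq; then byte c0
        $xor3 = { 31 f6 f7 e6 99 d0 }   // xor esi, esi; mul esi; cdq; then byte d0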

    condition:
        any of them
}

Associated Techniques

| Technique Name | Technique IDs | Snippet(s) | OS |
|---|---|---|---|
| XOR Operation | U0701, E1027.m02 | | |

Created

December 13, 2022

Last Revised

December 13, 2022