Neo23x0 / signature-base

YARA signature and IOC database for my scanners and tools

Inserting new unpacked IcedID detection signature - crime_icedid.yar file #306

Closed. Icaro-Cesar closed this 6 months ago

Icaro-Cesar commented 10 months ago

Inserting a new unpacked IcedID memory detection signature. The rule has been tested and has a low false positive rate.

(screenshot: memory_detection_iced)

I also tested the rule on the unpac.me platform, and it returned matches only with samples from the IcedID family.

(screenshot: unpack_contrib)