Neo23x0 / signature-base

YARA signature and IOC database for my scanners and tools
Other
2.47k stars 604 forks source link

Inserting new unpacked IcedID detection signature - crime_icedid.yar file #306

Closed Icaro-Cesar closed 5 months ago

Icaro-Cesar commented 9 months ago

Inserting new unpacked IcedID memory detection signature. The rule has been tested, and has a low false positive rate.

memory_detection_iced

I also tested the rule on the unpac.me platform, and it returned matches only with samples from the IcedID family.

unpack_contrib