mace 0.1.4

Automated extraction of malware configuration, focusing on C2 communication
/// YARA rule source that locates the `make_DGA` marker in a sample.
///
/// The single hex string `$make_dga` is the x86-64 encoding of
/// `mov rax, 0x4147445f656b616d`: the opcode bytes `48 b8` followed by the
/// eight immediate bytes, which spell the ASCII text "make_DGA" in
/// little-endian order. With only one string defined, the condition
/// `all of them` reduces to "this 10-byte sequence is present".
///
/// NOTE(review): an earlier version of this comment described the `customer`
/// and `tag` parameters of coper, which does not match the rule body below;
/// it looks copied from another rule — confirm which family this rule targets.
///
/// NOTE(review): a lone 10-byte pattern pins down an offset but is weak as a
/// standalone detection; presumably the rule is only evaluated on samples
/// already attributed to the family — verify against the caller.
pub static RULE_DGA: &str = r#"
rule dga {
    meta:
        author = "Frondorf, Niklas"

    strings:
        $make_dga =  {
            48 b8 6d        
            61 6b 65 
            5f 44 47 41     // mov      rax,0x4147445f656b616d ("make_DGA")
        }

    condition:
        all of them
}"#;