DefenderYara/Exploit/WinNT/CVE-2012-0507/Exploit_WinNT_CVE-2012-0507...


rule Exploit_WinNT_CVE-2012-0507_NR{
	meta:
		description = "Exploit:WinNT/CVE-2012-0507.NR,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 03 00 00 01 00 "
		
	strings :
		$a_01_0 = {b7 b7 3a 19 b6 c0 c0 3a 19 03 32 c0 c0 3a 19 04 32 c0 3a 19 03 2c b6 19 03 32 2b } //01 00 
		$a_01_1 = {10 32 b8 4c 2b b2 10 32 b6 4d 2c 04 b6 2c 01 b6 b3 b2 b6 b2 10 32 04 bd 59 03 12 53 b6 4e 2d b2 04 bd 59 03 12 12 b6 53 b6 } //01 00 
		$a_01_2 = {3a 08 11 10 00 bc 08 3a 09 03 36 0a } //00 00 
	condition:
		any of ($a_*)
 
}
init 2024-02-05 06:12:47 -08:00
			`rule Exploit_WinNT_CVE-2012-0507_NR{`
			`meta:`
			`description = "Exploit:WinNT/CVE-2012-0507.NR,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 03 00 00 01 00 "`

			`strings :`
			`$a_01_0 = {b7 b7 3a 19 b6 c0 c0 3a 19 03 32 c0 c0 3a 19 04 32 c0 3a 19 03 2c b6 19 03 32 2b } //01 00`
			`$a_01_1 = {10 32 b8 4c 2b b2 10 32 b6 4d 2c 04 b6 2c 01 b6 b3 b2 b6 b2 10 32 04 bd 59 03 12 53 b6 4e 2d b2 04 bd 59 03 12 12 b6 53 b6 } //01 00`
			`$a_01_2 = {3a 08 11 10 00 bc 08 3a 09 03 36 0a } //00 00`
			`condition:`
			`any of ($a_*)`

			`}`