DefenderYara/Exploit/Win64/CVE-2023-28252/Exploit_Win64_CVE-2023-2825...


rule Exploit_Win64_CVE-2023-28252_A{
	meta:
		description = "Exploit:Win64/CVE-2023-28252.A,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 03 00 00 "
		
	strings :
		$a_03_0 = {48 89 15 bc 9b 06 00 e8 90 01 04 48 8b ce e8 90 01 04 00 33 d2 90 00 } //1
		$a_03_1 = {48 2b d3 48 2b c3 48 89 15 2a 9c 04 00 48 89 05 2b 9c 04 00 e8 90 01 04 48 8b 15 1f 9c 04 90 00 } //1
		$a_03_2 = {48 89 15 bb 7c 04 00 e8 90 01 04 8b 0d 08 7b 06 00 48 8b 05 89 7c 04 00 4c 39 3c 01 90 00 } //1
	condition:
		((#a_03_0  & 1)*1+(#a_03_1  & 1)*1+(#a_03_2  & 1)*1) >=2
 
}
update: update to 20240218 2024-02-26 04:07:32 -08:00
			`rule Exploit_Win64_CVE-2023-28252_A{`
			`meta:`
fix condition 2024-07-06 23:13:08 -07:00			`description = "Exploit:Win64/CVE-2023-28252.A,SIGNATURE_TYPE_PEHSTR_EXT,02 00 02 00 03 00 00 "`
update: update to 20240218 2024-02-26 04:07:32 -08:00
			`strings :`
fix condition 2024-07-06 23:13:08 -07:00			`$a_03_0 = {48 89 15 bc 9b 06 00 e8 90 01 04 48 8b ce e8 90 01 04 00 33 d2 90 00 } //1`
			`$a_03_1 = {48 2b d3 48 2b c3 48 89 15 2a 9c 04 00 48 89 05 2b 9c 04 00 e8 90 01 04 48 8b 15 1f 9c 04 90 00 } //1`
			`$a_03_2 = {48 89 15 bb 7c 04 00 e8 90 01 04 8b 0d 08 7b 06 00 48 8b 05 89 7c 04 00 4c 39 3c 01 90 00 } //1`
update: update to 20240218 2024-02-26 04:07:32 -08:00			`condition:`
fix condition 2024-07-06 23:13:08 -07:00			`((#a_03_0 & 1)1+(#a_03_1 & 1)1+(#a_03_2 & 1)*1) >=2`
update: update to 20240218 2024-02-26 04:07:32 -08:00
			`}`