13 lines
516 B
Plaintext
13 lines
516 B
Plaintext
|
|
||
|
rule Exploit_MacOS_CVE-2022-46689_A_MTB{
|
||
|
meta:
|
||
|
description = "Exploit:MacOS/CVE-2022-46689.A!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,03 00 03 00 03 00 00 01 00 "
|
||
|
|
||
|
strings :
|
||
|
$a_01_0 = {63 6f 6d 2e 77 6f 72 74 68 64 6f 69 6e 67 62 61 64 6c 79 2e 66 75 6c 6c 64 69 73 6b 61 63 63 65 73 73 } //01 00
|
||
|
$a_01_1 = {63 6f 6d 2e 61 70 70 6c 65 2e 61 70 70 2d 73 61 6e 64 62 6f 78 2e 72 65 61 64 2d 77 72 69 74 65 } //01 00
|
||
|
$a_01_2 = {43 56 45 2d 32 30 32 32 2d 34 36 36 38 39 } //00 00
|
||
|
condition:
|
||
|
any of ($a_*)
|
||
|
|
||
|
}
|