DefenderYara/HackTool/Linux/Wingate/HackTool_Linux_Wingate_A_xp...

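/*
   Flags Linux ELF files that embed plaintext strings of the "Wingate Seeker"
   tool: its source file name, result format string, banner, a "Netproxy>"
   token and its usage line (ASCII decodings are given next to each pattern).

   The detection name and signature type come from meta.description
   (HackTool:Linux/Wingate.A!xp, SIGNATURE_TYPE_ELFHSTR_EXT).

   The condition checks the ELF magic first because the signature type is
   ELF-specific. Without that guard a single short string such as "wgate.c"
   or "Netproxy>" in any text file, source tree or archive would fire.
   The magic check is meant for on-disk file scans.

   NOTE(review): the bytes after the signature type in meta.description begin
   with "05 00", which looks like a match threshold of 5, i.e. stricter than
   `any of`. This is not confirmed from this file. Until it is, treat a hit as
   low confidence (one string is enough) and corroborate it before acting.
*/
rule HackTool_Linux_Wingate_A_xp{
    meta:
        description = "HackTool:Linux/Wingate.A!xp,SIGNATURE_TYPE_ELFHSTR_EXT,05 00 05 00 05 00 00 02 00 "
    strings :
        // Trailing "sig bytes" are carried over from the original rule text;
        // presumably per-pattern fields of the converted signature - unverified.
        $a_01_0 = {77 67 61 74 65 2e 63 } // "wgate.c" (sig bytes: 01 00)
        $a_01_1 = {57 69 6e 67 61 74 65 20 66 6f 75 6e 64 3a 20 25 73 } // "Wingate found: %s" (sig bytes: 01 00)
        $a_01_2 = {57 69 6e 67 61 74 65 20 53 65 65 6b 65 72 20 62 79 20 4b 42 79 74 65 } // "Wingate Seeker by KByte" (sig bytes: 01 00)
        $a_01_3 = {4e 65 74 70 72 6f 78 79 3e } // "Netproxy>" (sig bytes: 01 00)
        $a_01_4 = {75 73 65 3a 20 25 73 20 69 6e 66 69 6c 65 20 6f 75 74 66 69 6c 65 } // "use: %s infile outfile" (sig bytes: 00 00)
    condition:
        // 0x464c457f is "\x7fELF" read as a little-endian uint32 at offset 0.
        uint32(0) == 0x464c457f and any of ($a_*)
}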