11 lines
413 B
Plaintext
11 lines
413 B
Plaintext
|
|
rule Exploit_Win32_CVE-2017-8759_F{
|
|
meta:
|
|
description = "Exploit:Win32/CVE-2017-8759.F,SIGNATURE_TYPE_PEHSTR,01 00 01 00 01 00 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {61 00 70 00 69 00 2e 00 6d 00 73 00 77 00 6f 00 72 00 64 00 65 00 78 00 70 00 6c 00 6f 00 69 00 74 00 2e 00 63 00 6f 00 6d 00 2f 00 70 00 75 00 62 00 6c 00 69 00 63 00 2f 00 } //1 api.mswordexploit.com/public/
|
|
condition:
|
|
((#a_01_0 & 1)*1) >=1
|
|
|
|
} |