DefenderYara/Exploit/Win32/MS10048/Exploit_Win32_MS10048_A_bit...


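// Flags data that carries at least three of four fixed byte sequences tied to
// the detection name Exploit:Win32/MS10048.A!bit (see meta.description).
// The sequences are console status messages plus a contact address, so the
// rule recognises unmodified builds of one tool; a rebuild with different
// messages will not match. Treat a hit as a triage lead and corroborate it
// with host telemetry before concluding anything about what ran.
rule Exploit_Win32_MS10048_A_bit{
    meta:
        // Converted signature record: detection name, signature type, raw header bytes.
        // NOTE(review): "03 00 03 00 04 00" presumably encodes threshold 3 over 4
        // sub-strings, which agrees with the condition below; confirm against the converter.
        // NOTE(review): SIGNATURE_TYPE_PEHSTR_EXT suggests the source signature was
        // scoped to PE files. This rule has no file-type guard, so it is evaluated
        // against any scanned data; decide whether a header check fits your scan targets.
        description = "Exploit:Win32/MS10048.A!bit,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 04 00 00 "
    strings:
        // weight 1: ASCII "master@h4cker.us"
        $a_01_0 = {6d 61 73 74 65 72 40 68 34 63 6b 65 72 2e 75 73 }
        // weight 1: ASCII "[ ] Setting up CBT filter hook." NUL "[ ] Creating evil window"
        // Both messages must sit back to back with one NUL between them, so this
        // sequence depends on how the build laid out its string data.
        $a_01_1 = {5b 20 5d 20 53 65 74 74 69 6e 67 20 75 70 20 43 42 54 20 66 69 6c 74 65 72 20 68 6f 6f 6b 2e 00 5b 20 5d 20 43 72 65 61 74 69 6e 67 20 65 76 69 6c 20 77 69 6e 64 6f 77 }
        // weight 1: ASCII "[+] Set to %d exploit half succeeded"
        $a_01_2 = {5b 2b 5d 20 53 65 74 20 74 6f 20 25 64 20 65 78 70 6c 6f 69 74 20 68 61 6c 66 20 73 75 63 63 65 65 64 65 64 }
        // weight 1: ASCII "[+] Enjoy!" NUL "GetDeviceDriverBaseNameA"
        // Same layout dependence as $a_01_1: message and API name must be adjacent.
        $a_01_3 = {5b 2b 5d 20 45 6e 6a 6f 79 21 00 47 65 74 44 65 76 69 63 65 44 72 69 76 65 72 42 61 73 65 4e 61 6d 65 41 }
    condition:
        // Presence-based threshold: any three of the four sequences.
        // The earlier form summed (#s & 1) per string. That is the parity of the
        // match count, so a sequence occurring an even number of times scored 0
        // and could push a file below the threshold. Every file the parity form
        // matched still matches here; files with repeated sequences now match too.
        3 of ($a_01_*)
}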