DefenderYara/Exploit/WinNT/CVE-2012-1723/Exploit_WinNT_CVE-2012-1723...


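// Detection rule converted from a Microsoft Defender signature
// (Exploit:WinNT/CVE-2012-1723.ZUC, type JAVAHSTR_EXT per the meta string).
// It fires when any one of four byte patterns is present in the scanned data.
//
// NOTE(review): the rule identifier contains '-' characters. YARA identifiers
// are limited to letters, digits and '_', so this name is expected to be
// rejected by the compiler; it is left unchanged here because other tooling
// may key on it. Rename (e.g. '-' -> '_') before deploying.
//
// NOTE(review): the patterns read as JVM opcodes without their operand bytes
// (9a ifne, c6 ifnull, a7 goto, bf athrow, 2a/2b/2c aload_n, b4 getfield,
// b0 areturn). That is presumably a normalised form produced by the Defender
// engine; a raw .class file carries operands between opcodes, so confirm on
// known samples that these literal byte runs actually occur before relying
// on this rule for coverage.
rule Exploit_WinNT_CVE-2012-1723_ZUC{
    meta:
        description = "Exploit:WinNT/CVE-2012-1723.ZUC,SIGNATURE_TYPE_JAVAHSTR_EXT,01 00 01 00 04 00 00 "
    strings:
        // NOTE(review): the "90 04 01 02 xx yy" and "90 1b 0n" runs in this
        // string look like Defender pattern escape codes (one-of-set and
        // back-reference) rather than data bytes. YARA treats them as literal
        // bytes, so this string may never match; verify against the source
        // signature and translate to YARA alternations if so.
        $a_03_0 = {9a c6 a7 bf 2b b4 b0 bf 90 04 01 02 2a 2b b4 90 04 01 02 1c 1d 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 9a c6 a7 bf 2b b4 b0 bf 90 1b 00 b4 90 1b 01 } // weight 1
        // The next three strings differ only in their prefix
        // (b2 36 b2 03 32 / b2 36 b2 / b2 36 b2 05 32); each is followed by
        // the same eight repetitions of "2a b4 15 9a c6 a7 bf 2c b4 b0 bf".
        $a_01_1 = {b2 36 b2 03 32 4c 2a 4d 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf } // weight 1
        $a_01_2 = {b2 36 b2 4c 2a 4d 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf } // weight 1
        $a_01_3 = {b2 36 b2 05 32 4c 2a 4d 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf 2a b4 15 9a c6 a7 bf 2c b4 b0 bf } // weight 1
    condition:
        // The converted condition summed (#string & 1) per string, i.e. the
        // match count's low bit. A string that occurred an even number of
        // times therefore contributed 0, and a file containing a pattern
        // exactly twice was missed. Every weight is 1 and the threshold is 1,
        // so the intended test is simply "at least one string is present".
        any of ($a_*)
}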