DefenderYara/Exploit/WinNT/CVE-2013-2463/Exploit_WinNT_CVE-2013-2463...


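// Detection rule for Exploit:WinNT/CVE-2013-2463.A. The description string
// carries the original signature name and the SIGNATURE_TYPE_JAVAHSTR_EXT tag.
//
// Changes made to the rule as originally listed:
//   * The identifier used '-' (CVE-2013-2463), which YARA does not accept in
//     rule names; the hyphens are now underscores so the rule compiles.
//   * The one-byte pattern $a_00_4 = {5d} was dropped. Under "any of ($a_*)"
//     it made the rule hit any file containing the byte 0x5D, i.e. almost
//     everything. It is deleted rather than just left out of the condition
//     because YARA rejects unreferenced strings.
//
// All four remaining patterns are single-byte XOR encoded: XORing every byte
// with 0x3A gives the readable text shown beside each one.
// NOTE(review): this file does not show whether samples carry these bytes in
// encoded form or whether the originating engine transforms content before
// matching. Validate against known-good and known-bad Java samples before
// relying on hits, or on the absence of hits.
// NOTE(review): the header bytes in the description (03 00 03 00 04 00 ...) and
// the two bytes trailing each pattern look like a match threshold and
// per-pattern weights from the source signature. TODO confirm and tighten the
// condition; "any of" lets a single short pattern such as $a_01_2 decide alone.
rule Exploit_WinNT_CVE_2013_2463_A
{
    meta:
        description = "Exploit:WinNT/CVE-2013-2463.A,SIGNATURE_TYPE_JAVAHSTR_EXT,03 00 03 00 04 00 00 03 00 "

    strings:
        // XOR 0x3A -> "yv66vgAAADIAoQoALAA/CgBAAEEKACsA"; the leading "yv66vg" is the
        // Base64 form of the Java class-file magic 0xCAFEBABE.
        $a_01_0 = { 43 4c 0c 0c 4c 5d 7b 7b 7b 7e 73 7b 55 6b 55 7b
                    76 7b 7b 15 79 5d 78 7b 7b 7f 7f 71 7b 79 49 7b } // trailer: 01 00

        // XOR 0x3A -> "MultiPixelPackedSampleModel"
        $a_01_1 = { 77 4f 56 4e 53 6a 53 42 5f 56 6a 5b 59 51 5f 5e
                    69 5b 57 4a 56 5f 77 55 5e 5f 56 }                // trailer: 01 00

        // XOR 0x3A -> "createContext"
        $a_01_2 = { 59 48 5f 5b 4e 5f 79 55 54 4e 5f 42 4e }          // trailer: 01 00

        // XOR 0x3A -> "createWritableRaster"
        $a_01_3 = { 59 48 5f 5b 4e 5f 6d 48 53 4e 5b 58 56 5f 68 5b
                    49 4e 5f 48 }                                     // trailer: 00 00

    condition:
        // Only the multi-byte patterns take part in the match.
        any of ($a_01_*)
}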