16 lines
952 B
Plaintext
16 lines
952 B
Plaintext
|
|
rule HackTool_Win32_Uflooder_A_bit{
|
|
meta:
|
|
description = "HackTool:Win32/Uflooder.A!bit,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 06 00 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {49 00 43 00 4d 00 50 00 20 00 46 00 6c 00 6f 00 6f 00 64 00 } //1 ICMP Flood
|
|
$a_01_1 = {55 00 44 00 50 00 20 00 46 00 6c 00 6f 00 6f 00 64 00 } //1 UDP Flood
|
|
$a_01_2 = {54 00 43 00 50 00 20 00 41 00 74 00 74 00 61 00 63 00 6b 00 } //1 TCP Attack
|
|
$a_01_3 = {54 00 43 00 50 00 20 00 4d 00 75 00 6c 00 74 00 69 00 70 00 6c 00 65 00 20 00 44 00 44 00 6f 00 53 00 } //1 TCP Multiple DDoS
|
|
$a_01_4 = {55 00 44 00 50 00 20 00 4d 00 75 00 6c 00 74 00 69 00 70 00 6c 00 65 00 20 00 44 00 44 00 6f 00 53 00 } //1 UDP Multiple DDoS
|
|
$a_01_5 = {52 00 61 00 6e 00 64 00 6f 00 6d 00 20 00 43 00 43 00 20 00 41 00 74 00 74 00 61 00 63 00 6b 00 } //1 Random CC Attack
|
|
condition:
|
|
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1+(#a_01_5 & 1)*1) >=5
|
|
|
|
} |