qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Darkddoser/Backdoor_Win32_Darkddoser_A...

15 lines
662 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Darkddoser_A{
meta:
description = "Backdoor:Win32/Darkddoser.A,SIGNATURE_TYPE_PEHSTR_EXT,05 00 05 00 05 00 00 02 00 "
strings :
$a_01_0 = {48 54 54 50 20 46 6c 6f 6f 64 20 41 63 74 69 76 65 } //01 00 HTTP Flood Active
$a_03_1 = {ba 01 20 00 00 e8 90 01 02 ff ff 6a 00 68 01 20 00 00 57 8b 43 04 50 e8 90 01 02 ff ff 90 01 02 eb 90 00 } //01 00
$a_03_2 = {66 c7 43 08 02 00 0f b7 07 50 e8 90 01 02 ff ff 66 89 43 0a 8d 4d fc 90 00 } //01 00
$a_01_3 = {64 61 72 6b 64 64 6f 73 65 72 } //01 00 darkddoser
$a_01_4 = {53 59 4e 20 46 6c 6f 6f 64 20 41 63 74 69 76 65 } //00 00 SYN Flood Active
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink