
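rule Exploit_iPhoneOS_AsyncWake_A_xp{
    // Converted from a Defender MACHOHSTR_EXT signature: five weighted string
    // indicators (weight 1 each, see the trailing "//1" on every string) with a
    // match threshold of 4. The description string is the original signature
    // header and must stay byte-identical.
    meta:
        description = "Exploit:iPhoneOS/AsyncWake.A!xp,SIGNATURE_TYPE_MACHOHSTR_EXT,04 00 04 00 05 00 00 "
    strings :
        // Each hex string is the exact ASCII shown in its trailing comment
        // (case-sensitive, no modifiers); kept in hex form to match the source signature.
        $a_00_0 = {2f 64 65 76 2f 64 69 73 6b 30 73 31 73 31 } //1 /dev/disk0s1s1
        $a_00_1 = {63 68 6d 6f 64 20 2f 6a 62 2f 62 69 6e 2f 6c 61 75 6e 63 68 63 74 6c 20 25 73 } //1 chmod /jb/bin/launchctl %s
        $a_00_2 = {63 68 6f 77 6e 20 2f 74 6d 70 2f 53 68 61 69 48 75 6c 75 64 2e 70 6c 69 73 74 20 25 73 } //1 chown /tmp/ShaiHulud.plist %s
        $a_00_3 = {47 45 54 20 2f 6c 69 62 65 72 74 76 31 31 2f 63 6f 75 6e 74 65 72 2e 70 68 70 } //1 GET /libertv11/counter.php
        $a_00_4 = {77 77 77 2e 6e 65 77 6f 73 78 62 6f 6f 6b 2e 63 6f 6d } //1 www.newosxbook.com
    condition:
        // The generated form summed (#a_00_N & 1) * 1 for each string, which is the
        // PARITY of the match count, not its presence: a string occurring an even
        // number of times in the binary scored 0 and could drop the total below the
        // threshold. With all weights equal to 1 and threshold 4, the intended test
        // is "at least 4 of the 5 indicators are present", which "4 of" expresses
        // without the parity gap.
        4 of ($a_00_*)
}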