DefenderYara/Exploit/iPhoneOS/Kappotoma/Exploit_iPhoneOS_Kappotoma_...


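// Flags files that contain at least two of five literal strings tied to the
// detection named Exploit:iPhoneOS/Kappotoma.B in the meta description.
//
// The rule looks like an automatic conversion of a Defender string signature
// (SIGNATURE_TYPE_MACHOHSTR_EXT). The trailing "//1" on each string is
// presumably its weight, and the leading "02 00" in the description
// presumably the match threshold; confirm against the converter before
// relying on either reading.
//
// NOTE(review): nothing here restricts the scan to Mach-O files, so the rule
// fires on any buffer holding two of the strings (memory dumps, unpacked app
// bundles, text that quotes them). Several strings read like tool credits and
// log messages, so treat a hit as a triage lead rather than a verdict.
rule Exploit_iPhoneOS_Kappotoma_B{
    meta:
        description = "Exploit:iPhoneOS/Kappotoma.B,SIGNATURE_TYPE_MACHOHSTR_EXT,02 00 02 00 05 00 00 "
    strings:
        // Byte patterns are unchanged; the trailing comment is the ASCII decoding.
        // Looks like a team-ID-prefixed bundle/application identifier.
        $a_00_0 = {39 50 42 45 32 56 35 36 36 58 2e 63 6f 6d 2e 72 72 65 6d 61 6e 31 36 38 2e 63 6e } //1 9PBE2V566X.com.rreman168.cn
        // printf-style debug format that prints a pointer value.
        $a_00_1 = {6b 70 6f 72 74 2e 69 70 5f 6b 6f 62 6a 65 63 74 3d 25 70 } //1 kport.ip_kobject=%p
        // User-facing failure message.
        $a_00_2 = {45 72 72 6f 72 3a 20 65 78 70 6c 6f 69 74 2e 20 52 65 62 6f 6f 74 20 61 6e 64 20 72 65 74 72 79 2e } //1 Error: exploit. Reboot and retry.
        // Credit/attribution text embedded in the binary.
        $a_00_3 = {6a 61 69 6c 62 72 65 61 6b 33 36 35 20 61 6e 64 20 43 6f 72 79 4b 6f 72 6e 6f 77 69 63 7a } //1 jailbreak365 and CoryKornowicz
        // Log line naming the selected exploit.
        $a_00_4 = {45 78 70 6c 6f 69 74 20 73 65 6c 65 63 74 65 64 3a 20 76 33 6e 74 65 78 } //1 Exploit selected: v3ntex
    condition:
        // Any two distinct strings must be present.
        // The earlier form summed (#s & 1) per string. That is the low bit of
        // the occurrence COUNT, so a string found an even number of times
        // contributed 0. A universal (fat) binary that embeds the same code
        // once per architecture slice would typically hold every string
        // twice and slip past the rule entirely. Presence-based counting
        // closes that gap and never drops a match the earlier form made.
        2 of ($a_00_*)
}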