DefenderYara/Backdoor/Win32/Bloiscom/Backdoor_Win32_Bloiscom.yar


// Converted from the Microsoft Defender signature named in `description`
// (Backdoor:Win32/Bloiscom). The three patterns are the same byte sequences
// the original hex form encoded, written here as text strings with YARA
// encoding modifiers; identifiers are kept so provenance is still visible.
rule Backdoor_Win32_Bloiscom
{
    meta:
        description = "Backdoor:Win32/Bloiscom,SIGNATURE_TYPE_PEHSTR_EXT,09 00 09 00 03 00 00 04 00 "

    strings:
        // UTF-16LE (hence `wide`) Spanish dial-up error text; the leading 'J'
        // and the '#' separator are part of the original bytes. (converter tag: 02 00)
        $a_01_0 = "JNo se encuentra ningun Modem / RDSI en su ordenador. No se puede conectar.#Hay que terminar AOL Avant primero!" wide
        // UTF-16LE vendor string, including its leading space. (converter tag: 03 00)
        $a_01_1 = " 2001 Bloiscom s.l." wide
        // Plain ASCII banner text. (converter tag: 00 00)
        $a_01_2 = "Ahora simplemente CONECTATE Y DISFRUTA!!!" ascii

    condition:
        // NOTE(review): the numbers in `description` and the per-string tags
        // left by the converter look like the source signature's threshold and
        // weights; `any of` fires on a single string and is probably looser
        // than the original engine's scoring. $a_01_1 and $a_01_2 are short
        // vendor/banner text that could also appear in legitimately
        // distributed Bloiscom-branded software — confirm before relying on
        // this rule alone.
        any of ($a_*)
}