19 lines
928 B
Plaintext
19 lines
928 B
Plaintext
|
|
rule HackTool_Linux_Impacket_C{
|
|
meta:
|
|
description = "HackTool:Linux/Impacket.C,SIGNATURE_TYPE_CMDHSTR_EXT,37 00 37 00 09 00 00 32 00 "
|
|
|
|
strings :
|
|
$a_00_0 = {70 00 79 00 74 00 68 00 6f 00 6e 00 } //05 00
|
|
$a_00_1 = {61 00 74 00 65 00 78 00 65 00 63 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_2 = {64 00 63 00 6f 00 6d 00 65 00 78 00 65 00 63 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_3 = {77 00 6d 00 69 00 65 00 78 00 65 00 63 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_4 = {73 00 6d 00 62 00 65 00 78 00 65 00 63 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_5 = {70 00 73 00 65 00 78 00 65 00 63 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_6 = {73 00 6d 00 62 00 63 00 6c 00 69 00 65 00 6e 00 74 00 2e 00 70 00 79 00 20 00 } //05 00
|
|
$a_00_7 = {72 00 70 00 63 00 64 00 75 00 6d 00 70 00 2e 00 70 00 79 00 20 00 } //9c ff
|
|
$a_00_8 = {79 00 75 00 6d 00 20 00 } //00 00
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |