qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/HackTool/Linux/MSFPythonShell/HackTool_Linux_MSFPythonShe...

13 lines
760 B
Plaintext
Raw Blame History

rule HackTool_Linux_MSFPythonShell_D{
meta:
description = "HackTool:Linux/MSFPythonShell.D,SIGNATURE_TYPE_CMDHSTR_EXT,0f 00 0f 00 03 00 00 05 00 "
strings :
$a_00_0 = {70 00 79 00 74 00 68 00 6f 00 6e 00 } //05 00
$a_00_1 = {65 00 78 00 65 00 63 00 28 00 5f 00 5f 00 69 00 6d 00 70 00 6f 00 72 00 74 00 5f 00 5f 00 28 00 27 00 62 00 61 00 73 00 65 00 36 00 34 00 27 00 29 00 2e 00 62 00 36 00 34 00 64 00 65 00 63 00 6f 00 64 00 65 00 } //05 00
$a_00_2 = {28 00 5f 00 5f 00 69 00 6d 00 70 00 6f 00 72 00 74 00 5f 00 5f 00 28 00 27 00 63 00 6f 00 64 00 65 00 63 00 73 00 27 00 29 00 2e 00 67 00 65 00 74 00 65 00 6e 00 63 00 6f 00 64 00 65 00 72 00 28 00 27 00 75 00 74 00 66 00 2d 00 38 00 27 00 29 00 } //00 00
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink