19 lines
518 B
Text
19 lines
518 B
Text
|
rule TangoAlfa
|
||
|
{
|
||
|
meta:
|
||
|
copyright = "2015 Novetta Solutions"
|
||
|
author = "Novetta Threat Research & Interdiction Group - trig@novetta.com"
|
||
|
|
||
|
strings:
|
||
|
// $firewall is a shared code string
|
||
|
$firewall = "%sd.e%sc n%ssh%srewa%s ad%s po%sop%sing T%s %d \"%s\""
|
||
|
|
||
|
$testStatus1 = "*****[Start Test -> %s:%d]" wide
|
||
|
$testStatus2 = "*****[Relay Connect " wide
|
||
|
$testStatus3 = "*****[Listen Port %d] - " wide
|
||
|
$testStatus4 = "*****[Error Socket]" wide
|
||
|
$testStatus5 = "*****[End Test]" wide
|
||
|
|
||
|
condition:
|
||
|
2 of them
|
||
|
}
|