19 lines
404 B
Text
19 lines
404 B
Text
|
rule IPStorm
|
||
|
{
|
||
|
meta:
|
||
|
copyright = "Intezer Labs"
|
||
|
author = "Intezer Labs"
|
||
|
reference = "https://www.intezer.com"
|
||
|
strings:
|
||
|
$package1 = "storm/backshell"
|
||
|
$package2 = "storm/filetransfer"
|
||
|
$package3 = "storm/scan_tools"
|
||
|
$package4 = "storm/malware-guard"
|
||
|
$package5 = "storm/avbypass"
|
||
|
$package6 = "storm/powershell"
|
||
|
$lib2b = "libp2p/go-libp2p"
|
||
|
|
||
|
condition:
|
||
|
4 of ($package*) and $lib2b
|
||
|
}
|