Sneed-Reactivity/yara-Neo23x0/exploit_cve_2015_5119.yar


rule Flash_CVE_2015_5119_APT3_leg {
    meta:
        description = "Exploit Sample CVE-2015-5119"
        license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
      author = "Florian Roth (Nextron Systems)"
        score = 70
        yaraexchange = "No distribution without author's consent"
        date = "2015-08-01"
        id = "d9efaea3-0644-501a-990b-665e257beb86"
    strings:
        $s0 = "HT_exploit" fullword ascii
        $s1 = "HT_Exploit" fullword ascii
        $s2 = "flash_exploit_" ascii
        $s3 = "exp1_fla/MainTimeline" ascii fullword
        $s4 = "exp2_fla/MainTimeline" ascii fullword
        $s5 = "_shellcode_32" ascii
        $s6 = "todo: unknown 32-bit target" fullword ascii
    condition:
        uint16(0) == 0x5746 and 1 of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00
			`rule Flash_CVE_2015_5119_APT3_leg {`
			`meta:`
			`description = "Exploit Sample CVE-2015-5119"`
			`license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"`
			`author = "Florian Roth (Nextron Systems)"`
			`score = 70`
			`yaraexchange = "No distribution without author's consent"`
			`date = "2015-08-01"`
			`id = "d9efaea3-0644-501a-990b-665e257beb86"`
			`strings:`
			`$s0 = "HT_exploit" fullword ascii`
			`$s1 = "HT_Exploit" fullword ascii`
			`$s2 = "flash_exploit_" ascii`
			`$s3 = "exp1_fla/MainTimeline" ascii fullword`
			`$s4 = "exp2_fla/MainTimeline" ascii fullword`
			`$s5 = "_shellcode_32" ascii`
			`$s6 = "todo: unknown 32-bit target" fullword ascii`
			`condition:`
			`uint16(0) == 0x5746 and 1 of them`
			`}`