// Code-pattern half of the cxpid family signature. Declared private, so it
// is not reported as a match on its own and only takes effect through a
// rule that references it by name.
private rule cxpidCode : cxpid Family
{
    meta:
        description = "cxpid code features"
        author = "Seth Hardy"
        last_modified = "2014-06-23"

    strings:
        // Read as 32-bit x86, these 15 bytes decode to:
        //   55              push ebp
        //   8B EC           mov  ebp, esp
        //   B9 38 04 00 00  mov  ecx, 0x438
        //   6A 00           push 0
        //   6A 00           push 0
        //   49              dec  ecx
        //   75 F9           jnz  (back to the first push 0)
        // i.e. a frame setup followed by a counted loop pushing zeros.
        // There are no wildcards, so the loop count 0x438 must match exactly.
        $entryjunk = { 55 8B EC B9 38 04 00 00 6A 00 6A 00 49 75 F9 }

    condition:
        // Only one string is defined, so this is the same test as "any of them".
        // NOTE(review): the rule fires on this single pattern anywhere in the
        // scanned data; confirm the false-positive rate against a clean corpus.
        $entryjunk
}
// String-indicator half of the cxpid family signature. Declared private, so
// it is not reported as a match on its own and only takes effect through a
// rule that references it by name.
private rule cxpidStrings : cxpid Family
{
    meta:
        description = "cxpid Identifying Strings"
        author = "Seth Hardy"
        last_modified = "2014-06-23"

    strings:
        // No modifiers are given, so every string is matched as
        // case-sensitive ASCII text (no wide / nocase variants).

        // Presumably request paths used by the sample - TODO confirm.
        $path_submit = "/cxpid/submit.php?SessionID="
        $path_cxgid  = "/cxgid/"

        // Two 22-character hex-digit strings sharing the prefix E21BC52BEA;
        // the page does not say what they represent.
        $hexstr_1 = "E21BC52BEA2FEF26D005CF"
        $hexstr_2 = "E21BC52BEA39E435C40CD8"

        // Comma-separated letter/sign list; the leading space is part of
        // the pattern.
        $csv_flags = " -,L-,O+,Q-,R-,Y-,S-"

    condition:
        // A single hit is enough (same test as "any of them").
        // NOTE(review): that includes the 7-byte "/cxgid/" on its own, the
        // weakest indicator here; check it against benign samples before
        // relying on this rule for blocking decisions.
        1 of them
}
// Public family rule: the only one of the three that is reported as a match.
// It defines no strings of its own and combines the two private helper rules,
// which must be declared earlier in the same rule file for this to compile.
rule cxpid : Family
{
    meta:
        description = "cxpid"
        author = "Seth Hardy"
        last_modified = "2014-06-23"

    condition:
        // Either helper is sufficient: the string indicators or the code pattern.
        cxpidStrings or cxpidCode
}