Sneed-Reactivity/yara-mikesxrs/securityartwork/HardcodeHunter.yar

rule HardcodeHunter
{
        meta:
                description = "Veil Hardcoded IP"
                reference = "https://www.securityartwork.es/2015/03/20/deteccion-de-codigo-malicioso-con-yara-i/"
        strings:
                $ IP = / (25 [0-5] | 2 [0-4] [0-9] | [01]? [0-9] [0-9]?) \.
                      (25 [0-5] | 2 [0-4] [0-9] | [01]? [0-9] [0-9]?) \.
                      (25 [0-5] | 2 [0-4] [0-9] | [01]? [0-9] [0-9]?) \.
                      (25 [0-5] | 2 [0-4] [0-9] | [01]? [0-9] [0-9]?) /
        condition:
                $ IP at 0x28df
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule HardcodeHunter`
			`{`
			`meta:`
			`description = "Veil Hardcoded IP"`
			`reference = "https://www.securityartwork.es/2015/03/20/deteccion-de-codigo-malicioso-con-yara-i/"`
			`strings:`
			`$ IP = / (25 [0-5] \| 2 [0-4] [0-9] \| [01]? [0-9] [0-9]?) \.`
			`(25 [0-5] \| 2 [0-4] [0-9] \| [01]? [0-9] [0-9]?) \.`
			`(25 [0-5] \| 2 [0-4] [0-9] \| [01]? [0-9] [0-9]?) \.`
			`(25 [0-5] \| 2 [0-4] [0-9] \| [01]? [0-9] [0-9]?) /`
			`condition:`
			`$ IP at 0x28df`
			`}`