22 lines
559 B
Text
22 lines
559 B
Text
|
rule ALFA_TEaM_Shell_V1
|
||
|
{
|
||
|
meta:
|
||
|
Author = "@X0RC1SM"
|
||
|
Description = "Looking for ALFA TEaM Shell"
|
||
|
Reference = "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html"
|
||
|
Date = "2017-10-28"
|
||
|
|
||
|
strings:
|
||
|
$STR1 = "#Iranian Hackers"
|
||
|
$STR2 = "#Persian Gulf For Ever"
|
||
|
$STR3 = "#Special Thanks To MadLeets"
|
||
|
$STR4 = "function alfa("
|
||
|
$STR5 = "=alfa("
|
||
|
$STR6 = "#Author Sole Sad & Invisible"
|
||
|
$STR7 = "#solevisible@gmail.com"
|
||
|
$STR8 = "#CopyRight 2014"
|
||
|
|
||
|
condition:
|
||
|
5 of them
|
||
|
}
|