// Static string signature for the Lambda-targeting sample written up at the
// `reference` URL below (the URL slug names the family "Denonia").
// The rule fires only when all three strings are present in a file smaller
// than 30000KB.
//
// NOTE(review): the condition has no file-format anchor (no magic-number
// check), so any file under the size limit that contains the three strings
// will match -- including reports, notes or rule files that quote them.
// Treat a hit as a triage lead and confirm it against hash1/hash2 or with
// further analysis.
rule lambda_malware
{
    // Metadata is informational only; YARA does not evaluate it when matching.
    meta:
        description = "Detects AWS Lambda Malware"
        author = "cdoman@cadosecurity.com"
        reference = "https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/"
        license = "Apache License 2.0"
        date = "2022-04-03"
        // 64 hex characters each, i.e. SHA-256-length digests; presumably the
        // reference samples the strings were taken from -- confirm against
        // the write-up.
        hash1 = "739fe13697bc55870ceb35003c4ee01a335f9c1f6549acb6472c5c3078417eed"
        hash2 = "a31ae5b7968056d8d99b1b720a66a9a1aeee3637b97050d95d96ef3a265cbbca"

    // No modifiers are set, so each string is matched as case-sensitive ASCII;
    // a UTF-16 ("wide") copy of the same text would not match.
    strings:
        // Go import path of the likexian/doh-go DNS-over-HTTPS client package.
        // It is a public library, so this string alone is not an indicator.
        // NOTE(review): lookups made over DoH would not appear in ordinary
        // DNS query logs -- worth keeping in mind when scoping a hit.
        $a = "github.com/likexian/doh-go/provider/"
        // User-Agent-shaped value; presumably sent on the sample's outbound
        // HTTP requests -- confirm against the reference before hunting on it
        // in proxy logs.
        $b = "Mozilla/5.0 (compatible; Ezooms/1.0; help@moz.com)"
        // Help text for a miner's credentials option; the wording appears to
        // match XMRig's usage output, so any embedded XMRig build carries it.
        $c = "username:password pair for mining server"

    condition:
        // The KB suffix multiplies by 1024, so the bound is 30000 * 1024 bytes.
        // `all of them` requires $a, $b and $c together; the combination, not
        // any single string, is what makes the rule specific.
        // NOTE(review): per the YARA documentation `filesize` is only
        // meaningful for file scans, so this rule will not match when applied
        // to a running process's memory.
        filesize < 30000KB and all of them
}