08e8d462fe
RED PILL 🔴 💊
18 lines
404 B
Text
18 lines
404 B
Text
rule IPStorm
|
|
{
|
|
meta:
|
|
copyright = "Intezer Labs"
|
|
author = "Intezer Labs"
|
|
reference = "https://www.intezer.com"
|
|
strings:
|
|
$package1 = "storm/backshell"
|
|
$package2 = "storm/filetransfer"
|
|
$package3 = "storm/scan_tools"
|
|
$package4 = "storm/malware-guard"
|
|
$package5 = "storm/avbypass"
|
|
$package6 = "storm/powershell"
|
|
$lib2b = "libp2p/go-libp2p"
|
|
|
|
condition:
|
|
4 of ($package*) and $lib2b
|
|
}
|