

// Informational rule for the LinuxDDOS_Agent family: looks for string artifacts
// (persistence commands, format strings, symbol names) left in the binary.
// All patterns are plain ASCII, written here as text strings so they can be
// reviewed at a glance; each matches the exact bytes, case-sensitive, no
// wide/nocase modifiers.
rule LinuxDDOS_Agent
{
    meta:
        author = "Damian Baran"
        reference = "https://github.com/nxdamian/YARA-Public"
        type = "info"
        severity = 1
        description = "Search for LinuxDDOS_Agent malware"

    strings:
        // Format strings (presumably used when reporting interface counters and
        // checking in; the exact protocol is not established by this rule).
        $LinDDOS_1  = "eth0:%Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu"
        $LinDDOS_2  = "VERSONEX:%s|%d|%d|%s"

        // Family / author marker string.
        $LinDDOS_3  = "Mr.Black"

        // Persistence artifacts: an init script named "pktmake" installed
        // under /etc/init.d and symlinked into the rc run-level directories.
        // $LinDDOS_4 and $LinDDOS_10 end at "pktmak", so they also cover the
        // longer "pktmake" spelling; the double spaces in the ln/killall
        // commands are part of the original bytes and must be kept.
        $LinDDOS_4  = "/etc/init.d/pktmak"
        $LinDDOS_5  = "code:102 write autorun script fail!"
        $LinDDOS_6  = "chmod 777 /etc/init.d/pktmake"
        $LinDDOS_7  = "ln  -s  -f  /etc/init.d/pktmake  /etc/rc2.d/S99pktmake"
        $LinDDOS_8  = "ln  -s  -f  /etc/init.d/pktmake  /etc/rc.d/rc6.d/S99pktmake"
        $LinDDOS_9  = "killall  pktmake"
        $LinDDOS_10 = "/bin/pktmak"
        $LinDDOS_11 = "./bin/pktmake -kill %"

        // Symbol / identifier names carried over from the agent's source
        // (trailing space in $LinDDOS_12 is intentional).
        $LinDDOS_12 = "SendSysInfo "
        $LinDDOS_13 = "7IAttack"
        $LinDDOS_14 = "dosset.dtdb"
        // Hostname-like string embedded in the sample; treat as a network IoC
        // to pivot on, not as proof of infrastructure on its own.
        $LinDDOS_15 = "47.f3322.org"
        $LinDDOS_16 = "g_bAttack"
        $LinDDOS_17 = "AttackWorker"
        $LinDDOS_18 = "DealwithDDoS"
        $LinDDOS_19 = "k00lip"
        $LinDDOS_20 = "dnsAmp"
        $LinDDOS_21 = "g_bAttack.bcopy"
        $LinDDOS_22 = "DealWithDDoS"

    condition:
        // A single hit is enough. Note that the short symbol names
        // ($LinDDOS_16 to $LinDDOS_20) are weak evidence on their own; if this
        // produces false positives in a given environment, requiring
        // "2 of them" or anchoring on the pktmake persistence strings is the
        // usual tuning step.
        any of them
}