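// Detects a Linux DDoS agent by artifacts carried in its binary: the
// persistence commands it issues (an init.d script plus rcN.d symlinks for a
// component named "pktmake"), its status/version format strings, a reporting
// hostname, and internal function/global names.
//
// All strings are kept as hex exactly as the original author wrote them; the
// decoded ASCII is given beside each one so the rule can be reviewed without a
// hex decoder. Because those comments contain the plaintext, a scan that
// covers this rule file will itself produce a match.
rule LinuxDDOS_Agent
{
    meta:
        author = "Damian Baran"
        reference = "https://github.com/nxdamian/YARA-Public"
        type = "info"
        severity = 1
        description = "Search for LinuxDDOS_Agent malware"

    strings:
        // --- Reporting / status format strings ---
        // "eth0:%Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu" (nine %Lu fields)
        $LinDDOS_1={657468303A254C7520254C7520254C7520254C7520254C7520254C7520254C7520254C7520254C75}
        // "VERSONEX:%s|%d|%d|%s"
        $LinDDOS_2={564552534F4E45583A25737C25647C25647C2573}
        // "Mr.Black" (8 bytes; short, see condition)
        $LinDDOS_3={4D722E426C61636B}

        // --- Persistence: init script, rc symlinks, self-management ---
        // "/etc/init.d/pktmak" (prefix of the path used in $LinDDOS_6-8)
        $LinDDOS_4={2F6574632F696E69742E642F706B746D616B}
        // "code:102 write autorun script fail!"
        $LinDDOS_5={636F64653A313032207772697465206175746F72756E20736372697074206661696C21}
        // "chmod 777 /etc/init.d/pktmake"
        $LinDDOS_6={63686D6F6420373737202F6574632F696E69742E642F706B746D616B65}
        // "ln  -s  -f  /etc/init.d/pktmake  /etc/rc2.d/S99pktmake"
        $LinDDOS_7={6C6E20202D7320202D6620202F6574632F696E69742E642F706B746D616B6520202F6574632F7263322E642F533939706B746D616B65}
        // "ln  -s  -f  /etc/init.d/pktmake  /etc/rc.d/rc6.d/S99pktmake"
        $LinDDOS_8={6C6E20202D7320202D6620202F6574632F696E69742E642F706B746D616B6520202F6574632F72632E642F7263362E642F533939706B746D616B65}
        // "killall  pktmake"
        $LinDDOS_9={6B696C6C616C6C2020706B746D616B65}
        // "/bin/pktmak"
        $LinDDOS_10={2F62696E2F706B746D616B}
        // "./bin/pktmake -kill %"
        $LinDDOS_11={2E2F62696E2F706B746D616B65202D6B696C6C2025}

        // --- Internal symbol / function names (mostly short) ---
        // "SendSysInfo " (trailing space)
        $LinDDOS_12={53656E64537973496E666F20}
        // "7IAttack"
        $LinDDOS_13={374941747461636B}
        // "dosset.dtdb"
        $LinDDOS_14={646F737365742E64746462}
        // "47.f3322.org" (reporting hostname embedded in the sample)
        $LinDDOS_15={34372E66333332322E6F7267}
        // "g_bAttack"
        $LinDDOS_16={675F6241747461636B}
        // "AttackWorker"
        $LinDDOS_17={41747461636B576F726B6572}
        // "DealwithDDoS"
        $LinDDOS_18={4465616C7769746844446F53}
        // "k00lip" (6 bytes)
        $LinDDOS_19={6B30306C6970}
        // "dnsAmp" (6 bytes)
        $LinDDOS_20={646E73416D70}
        // "g_bAttack.bcopy"
        $LinDDOS_21={675F6241747461636B2E62636F7079}
        // "DealWithDDoS" (capital W variant of $LinDDOS_18)
        $LinDDOS_22={4465616C5769746844446F53}

    condition:
        // Tier 1: long, malware-specific artifacts (persistence commands and
        // paths, format strings, the hostname) are convincing on their own.
        any of ($LinDDOS_1, $LinDDOS_2, $LinDDOS_4, $LinDDOS_5, $LinDDOS_6,
                $LinDDOS_7, $LinDDOS_8, $LinDDOS_9, $LinDDOS_10, $LinDDOS_11,
                $LinDDOS_14, $LinDDOS_15)
        // Tier 2: the remaining 6-15 byte symbol names ("Mr.Black", "dnsAmp",
        // "k00lip", "AttackWorker", ...) are short enough to occur in benign
        // software, so a single hit on one of them is not enough; the original
        // "any of them" alerted on any one of these alone. Require two
        // independent hits before matching on the short strings.
        or 2 of them
}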