valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: FPs with Armitage_MeterpreterSession_Strings on proc mem

Browse Source
This commit is contained in:
Florian Roth 2020-05-19 09:19:43 +02:00
parent 8e7d4a1158
commit 3aee93a2ee
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
yara/gen_armitage.yar
View File

@ -45,8 +45,7 @@ rule Armitage_MeterpreterSession_Strings {
$s1 = "session.meterpreter_read" fullword ascii
$s2 = "sniffer_dump" fullword ascii
$s3 = "keyscan_dump" fullword ascii
$s4 = "mimikatz_command" fullword ascii
$s5 = "MeterpreterSession.java" fullword ascii
$s4 = "MeterpreterSession.java" fullword ascii
condition:
filesize < 30KB and 1 of them
}