Serv-U exploitation update

Florian Roth 2021-07-14 09:43:54 +02:00
parent a529dafa19
commit 3c9bc5f0a5


@ -331,7 +331,7 @@ rule SUSP_ServU_SSH_Error_Pattern_Jul21_1 {
date = "2021-07-12"
score = 60
strings:
$s1 = " - EXCEPTION: " ascii
$s1 = "EXCEPTION: C0000005;" ascii
$s2 = "CSUSSHSocket::ProcessReceive();" ascii
condition:
filename == "DebugSocketlog.txt"
@ -349,6 +349,8 @@ rule SUSP_ServU_Known_Mal_IP_Jul21_1 {
$xip1 = "98.176.196.89" ascii fullword
$xip2 = "68.235.178.32" ascii fullword
$xip3 = "208.113.35.58" ascii fullword
$xip4 = "144.34.179.162" ascii fullword
$xip5 = "97.77.97.58" ascii fullword
condition:
filename == "DebugSocketlog.txt"
and 1 of them
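Review bot: The `$s1` pattern in SUSP_ServU_SSH_Error_Pattern_Jul21_1 changes while `date = "2021-07-12"` stays as it was, so nothing in the rule records that its logic was revised on 2021-07-14. Add `modified = "2021-07-14"` to the meta section, and likewise to SUSP_ServU_Known_Mal_IP_Jul21_1, whose meta lies outside the second hunk. The strings `$xip4` and `$xip5`, which the hunk counts suggest are the two additions, carry no source or first-seen date, so an analyst triaging a hit cannot tell where the indicator came from or when it should be retired after the address is reassigned. A trailing comment on each, such as `// source: <REPORT-URL>, added 2021-07-14`, would cover that. Both rules continue outside the hunks, so the remaining meta fields and the full condition of the first rule could not be checked.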