valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: bugfix in SSHDoor rule - missing "and"

Browse Source
This commit is contained in:
Florian Roth 2018-12-05 21:03:24 +01:00
parent a2c2478527
commit 73bfc659da
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yara/apt_triton_mal_sshdoor.yar
View File

@ -177,7 +177,7 @@ rule MAL_LNX_SSHDOOR_Triton {
$mimban_i2 = "PEM_read_bio_RSA_PUBKEY"
$mimban_i3 = "gethostbyname"
condition:
uint32be(0) == 0x7f454c46 // ELF
uint32be(0) == 0x7f454c46 and // ELF
( 1 of ($a_*) or 2 of ($ac_*) ) // SSH Binary
and (
( 1 of ($s*) ) or