valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

One more slash to tighten rule

Browse Source
This commit is contained in:
Florian Roth 2021-03-10 08:16:36 +01:00 committed by GitHub
parent 0cd3e7a820
commit b060a45e48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
yara/apt_hafnium_log_sigs.yar
View File

@ -70,11 +70,11 @@ rule EXPL_LOG_CVE_2021_27055_Exchange_Forensic_Artefacts : LOG {
strings:
$x1 = "ServerInfo~" ascii wide
$s1 = "ecp/auth/w.js" ascii wide
$s2 = "owa/auth/w.js" ascii wide
$s3 = "ecp/y.js" ascii wide
$s4 = "ecp/main.css" ascii wide
$s5 = "ecp/default.flt" ascii wide
$s1 = "/ecp/auth/w.js" ascii wide
$s2 = "/owa/auth/w.js" ascii wide
$s3 = "/ecp/y.js" ascii wide
$s4 = "/ecp/main.css" ascii wide
$s5 = "/ecp/default.flt" ascii wide
condition:
$x1 and 1 of ($s*)
}