Yara Rule - Detects SALTWATER malware used in Barracuda ESG exploitations (CVE-2023-2868)

Yara definition.

Author: Florian Roth

https://www.barracuda.com/company/legal/esg-vulnerability

```
date = "2023-06-07"
score = 75
hash1 = "8849a3273e0362c45b4928375d196714224ec22cb1d2df5d029bf57349860347"
$sc1 = { 00 2D 63 00 2F 62 69 6E 2F 73 68 00 }
$s1 = "SSLShell"
uint32be(0) == 0x7f454c46
and uint16(0x10) == 0x0002

date = "2023-06-07"
score = 80
hash1 = "601f44cc102ae5a113c0b5fe5d18350db8a24d780c0ff289880cc45de28e2b80"
$x1 = "libbindshell.so"
$s1 = "ShellChannel"
$s2 = "MyWriteAll"
$s3 = "CheckRemoteIp"
$s4 = "run_cmd"
$s5 = "DownloadByProxyChannel"
$s6 = "[-] error: popen failed"
$s7 = "/home/product/code/config/ssl_engine_cert.pem"
uint16(0) == 0x457f and
```


[https://github.com/Neo23x0/signature-base/commit/16185637a7edda4118a4505266452f6854cb1ca9](https://github.com/Neo23x0/signature-base/commit/16185637a7edda4118a4505266452f6854cb1ca9)