Yara Rule - Targets code sections of Line Dancer, a shellcode loader targeting Cisco ASA devices.
Yara definition.
Author: NCSC
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf
```
date = "2024-04-24"
score = 75
id = "3b49a861-8107-577a-bae1-ae28d424cc13"
$ = { 48 8D 5E 20 48 8D 3D BB FF FF FF BA 20 00 00 00 }
$ = { 4C 89 EE 44 89 F2 48 8D 3D 9A 27 00 00 }
$ = { 41 FF D7 41 5F 41 5E 41 5D 41 5C 5B 5D 48 C7 C0 01 00 00 00 5F }
```
[https://github.com/Neo23x0/signature-base/commit/007d9ddee386f68aca3a3aac5e1514782f02ed2d](https://github.com/Neo23x0/signature-base/commit/007d9ddee386f68aca3a3aac5e1514782f02ed2d)