Yara Rule - Detects Derusbi Backdoor ELF Kernel Module

Yara definition.

Author: Fidelis Cybersecurity

https://github.com/fideliscyber/indicators/tree/master/FTA-1021

```yara
// Fragment 1 (rule header and the strings between $s1 and $s36 are not preserved on this page)
    meta:
        date = "2016/02/29"
        modified = "2023-05-04"
    strings:
        $s1 = "LxMain"
        $s36 = "closedir"
        $s37 = "rename"
    condition:
        uint32(0) == 0x464c457f and all of them

// Fragment 2, kernel-module strings (rule header and the strings between $s1 and $s20 are not preserved on this page)
    meta:
        date = "2016/02/29"
        modified = "2023-05-04"
    strings:
        $s1 = "__this_module"
        $s20 = "__netlink_kernel_create"
        $s21 = "kfree_skb"
    condition:
        uint32(0) == 0x464c457f and all of them
```
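The condition `uint32(0) == 0x464c457f and all of them` reads the first four bytes of the file as a little-endian integer (YARA's `uint32` is little-endian), which equals the ELF magic `\x7fELF`, and then requires every declared string to be present. The following Python is an added example (not Fidelis' or signature-base's code) that evaluates that condition over constructed buffers so the logic can be checked without a YARA install; it uses only the strings the page preserves, and the sample buffers are constructed, not real Derusbi samples.

```python
import struct

# "\x7fELF" unpacked as a little-endian 32-bit integer, i.e. YARA's uint32(0).
ELF_MAGIC_LE = 0x464C457F

# Strings preserved from the two rule fragments above (the full rules have more).
FRAG1_STRINGS = [b"LxMain", b"closedir", b"rename"]
KMOD_STRINGS = [b"__this_module", b"__netlink_kernel_create", b"kfree_skb"]


def is_elf(data: bytes) -> bool:
    """Equivalent of the YARA test `uint32(0) == 0x464c457f`."""
    if len(data) < 4:
        return False  # uint32(0) is undefined on a buffer this short: no match
    return struct.unpack_from("<I", data, 0)[0] == ELF_MAGIC_LE


def matches(data: bytes, strings: list) -> bool:
    """Equivalent of `uint32(0) == 0x464c457f and all of them`."""
    return is_elf(data) and all(s in data for s in strings)


def classify(data: bytes) -> list:
    """Return the names of the fragments whose condition the buffer satisfies."""
    hits = []
    if matches(data, FRAG1_STRINGS):
        hits.append("fragment1")
    if matches(data, KMOD_STRINGS):
        hits.append("kmod")
    return hits


# Constructed sample buffers: a minimal ELF-like header (magic, 64-bit, LSB,
# version 1, padding) followed by NUL-separated strings.
ELF_HEADER = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
SAMPLE_KMOD = ELF_HEADER + b"\x00".join(KMOD_STRINGS) + b"\x00"
SAMPLE_FRAG1 = ELF_HEADER + b"\x00".join(FRAG1_STRINGS) + b"\x00"
SAMPLE_PARTIAL = ELF_HEADER + b"__this_module\x00kfree_skb\x00"   # one string missing
SAMPLE_NOT_ELF = b"MZ\x90\x00" + b"\x00".join(KMOD_STRINGS)      # strings present, wrong magic

if __name__ == "__main__":
    for name, buf in [("kmod", SAMPLE_KMOD), ("frag1", SAMPLE_FRAG1),
                      ("partial", SAMPLE_PARTIAL), ("not_elf", SAMPLE_NOT_ELF)]:
        print(name, classify(buf))
```

Note that `all of them` means a sample missing even one listed string is not flagged, so a stripped or recompiled build can slip past the rule; this is the usual trade-off between precision and coverage for string-based signatures.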


[https://github.com/Neo23x0/signature-base/commit/d88d638dcc103f04b7cf3b3bb48ec7df52e7d373](https://github.com/Neo23x0/signature-base/commit/d88d638dcc103f04b7cf3b3bb48ec7df52e7d373)