Yara Rule - Detects indicators found in endpoint.conf files as modified by actors in the ESXiArgs campaign

Yara definition.

Author: Florian Roth

https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-47

```yara
// Only the meta fields and strings below are preserved on this page; the rule name is a placeholder and the condition is assumed
rule SUSP_ESXiArgs_Endpoint_Conf_PLACEHOLDER {
   meta:
      date = "2023-08-04"
      score = 75
   strings:
      $a1 = "/client/clients.xml" ascii
      $a2 = "/var/run/vmware/proxy-sdk-tunnel" ascii fullword
      $a3 = "redirect" ascii fullword
      $a4 = "allow" ascii fullword
      $s1 = " local 8008 allow allow"
   condition:
      all of them   // assumed; the original condition is not on this page
}
```
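The following is an added example, not code from the original page or from the signature-base project. It re-implements the five indicator strings of the rule in Python, honouring YARA's `fullword` semantics (a match must not be bordered by alphanumeric characters), and runs them over two constructed endpoints.conf-style samples. The `all of them` combination, the sample file contents (including the non-8008 port in the benign sample) and the function names are assumptions; the rule's real condition is not preserved on this page.

```python
import re

# (pattern, fullword) pairs copied from the rule fragment above
INDICATORS = {
    "$a1": ("/client/clients.xml", False),
    "$a2": ("/var/run/vmware/proxy-sdk-tunnel", True),
    "$a3": ("redirect", True),
    "$a4": ("allow", True),
    "$s1": (" local 8008 allow allow", False),
}

# Constructed samples: not real ESXi files, only shaped like endpoints.conf lines.
BENIGN_CONF = """\
/sdk local 8307 redirect allow
/client/clients.xml local 8309 allow allow
"""

MODIFIED_CONF = """\
/sdk local 8307 redirect allow
/client/clients.xml local 8008 allow allow
/sdkTunnel /var/run/vmware/proxy-sdk-tunnel redirect allow
"""


def matches(data: str, pattern: str, fullword: bool) -> bool:
    """Return True if `pattern` occurs in `data`.

    Without fullword this is a plain substring test. With fullword the hit
    must not be preceded or followed by an alphanumeric character, which is
    how YARA defines the modifier (so "allow" does not hit inside "disallow").
    """
    if not fullword:
        return pattern in data
    rx = r"(?<![A-Za-z0-9])" + re.escape(pattern) + r"(?![A-Za-z0-9])"
    return re.search(rx, data) is not None


def scan(data: str) -> dict:
    """Evaluate every indicator and an assumed `all of them` combination."""
    hits = {name: matches(data, pat, fw) for name, (pat, fw) in INDICATORS.items()}
    # Assumed combination; the original rule's condition is not on this page.
    hits["all_of_them"] = all(hits.values())
    return hits


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_CONF), ("modified", MODIFIED_CONF)):
        result = scan(sample)
        fired = [k for k, v in result.items() if v and k.startswith("$")]
        print(f"{label}: all_of_them={result['all_of_them']} hits={fired}")
```

The benign sample fires `$a1`, `$a3` and `$a4` alone, which is why a condition built only on the structural `$a*` strings would be noisy on any ordinary endpoints.conf; whichever way the real rule combines them, the `$s1` line carrying the 8008 port is what separates the two samples here.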


[https://github.com/Neo23x0/signature-base/commit/a47fa4b3ad105c52311d9cef02973695247676ef](https://github.com/Neo23x0/signature-base/commit/a47fa4b3ad105c52311d9cef02973695247676ef)