Yara Rule - Detects ASPX web shells as being used in MOVEit Transfer exploitation

Yara definition.

Author: Florian Roth

https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/?utm_content

```
date = "2023-06-01"
score = 85
hash1 = "6cbf38f5f27e6a3eaf32e2ac73ed02898cbb5961566bb445e3c511906e2da1fa"
$x1 = "human2_aspx" ascii fullword
$x2 = "X-siLock-Comment" wide
$x3 = "x-siLock-Step1" wide
$a1 = "MOVEit.DMZ.Core.Data" ascii fullword
uint16(0) == 0x5a4d and
```


[https://github.com/Neo23x0/signature-base/commit/4807bfb9aad25f731334614709c9d2c858ae0a8c](https://github.com/Neo23x0/signature-base/commit/4807bfb9aad25f731334614709c9d2c858ae0a8c)