Yara Rule - Detects a potential compromise indicator found in MOVEit Transfer logs

Yara definition.

Author: Florian Roth

https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response

```
date = "2023-06-01"
date = "2023-06-03"
score = 70
$a1 = "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.5195.102+Safari/537.36" ascii
$a2 = "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/113.0.5672.127+Safari/537.36" ascii
$s1 = " POST /moveitisapi/moveitisapi.dll" ascii
$s2 = " POST /guestaccess.aspx"
$s3 = " POST /api/v1/folders/"
$s4 = "/files uploadType=resumable&"
$s5 = " action=m2 "
```


[https://github.com/Neo23x0/signature-base/commit/11bac33b22c88dffbdfd8d81d0675c5d382c2267](https://github.com/Neo23x0/signature-base/commit/11bac33b22c88dffbdfd8d81d0675c5d382c2267)
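An added example (not part of the original page or of signature-base): a line-level triage that applies the indicator strings listed above to a web log and groups the hits by client address, which a file-level YARA match does not show. The page does not include the rule's condition, so the `triage` name, the `min_hits` threshold, the requirement that a listed user agent appear on the same line, the W3C-style `#Fields:` log layout and the sample rows are all assumptions.

```python
from collections import defaultdict

# Indicator strings copied from the rule fragment on this page.
USER_AGENTS = (
    "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/105.0.5195.102+Safari/537.36",
    "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/113.0.5672.127+Safari/537.36",
)
REQUESTS = {
    "s1": " POST /moveitisapi/moveitisapi.dll",
    "s2": " POST /guestaccess.aspx",
    "s3": " POST /api/v1/folders/",
    "s4": "/files uploadType=resumable&",
    "s5": " action=m2 ",
}

def triage(lines, min_hits=3):
    """Return {client: [indicator ids]} for clients with >= min_hits distinct hits.

    Assumptions (not from the page): a hit needs a listed user agent on the
    same line, and min_hits is an arbitrary triage threshold.
    """
    c_ip = None  # column index of c-ip, learned from the #Fields: header
    hits = defaultdict(set)
    for line in lines:
        if line.startswith("#Fields:"):
            names = line.split()[1:]
            c_ip = names.index("c-ip") if "c-ip" in names else None
            continue
        cols = line.split()
        if line.startswith("#") or c_ip is None or len(cols) <= c_ip:
            continue
        if any(ua in line for ua in USER_AGENTS):
            hits[cols[c_ip]].update(k for k, s in REQUESTS.items() if s in line)
    return {ip: sorted(ids) for ip, ids in hits.items() if len(ids) >= min_hits}

def _row(request, client, ua):
    # Constructed sample row; all addresses are documentation ranges.
    return f"2023-06-01 10:00:00 192.0.2.10 POST {request} 443 - {client} {ua} - 200"

SAMPLE_LOG = [  # constructed input, not taken from a real server
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status",
    _row("/moveitisapi/moveitisapi.dll action=m2", "203.0.113.7", USER_AGENTS[0]),
    _row("/guestaccess.aspx -", "203.0.113.7", USER_AGENTS[0]),
    _row("/api/v1/folders/123/files uploadType=resumable&fileId=1", "203.0.113.7", USER_AGENTS[0]),
    _row("/guestaccess.aspx -", "198.51.100.20", USER_AGENTS[1]),
    _row("/moveitisapi/moveitisapi.dll action=m2", "198.51.100.99", "Mozilla/5.0+(other)"),
]

if __name__ == "__main__":
    for client, ids in triage(SAMPLE_LOG).items():
        print(client, ids)
```

The user-agent strings use `+` where a browser sends spaces, so they match only logs that record the field in that encoded form.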