Yara Rule - 웹 쉘 자동 생성 - 파일 phpshell.php

allmnet · 11월 24, 2023, 12:40오전

Yara Rule - 웹 쉘 자동 생성 - 파일 phpshell.php

Yara 정의.

Yara Rule - Webshells Auto-generated - file phpshell.php

Yara definition.

Author: Florian Roth (Nextron Systems)

https://github.com/Voulnet/CVE-2017-8759-Exploit-sample

date = "2017-09-14"
modified = "2023-11-21"
hash1 = "6314c5696af4c4b24c3a92b0e92a064aaf04fd56673e830f4d339b8805cc9635"
$s1 = "soap:wsdl=http://" ascii wide
$s2 = "soap:wsdl=https://" ascii wide
$s3 = "soap:wsdl=http%3" ascii wide
$s4 = "soap:wsdl=https%3" ascii wide
$c1 = "Project.ThisDocument.AutoOpen" fullword wide
old_rule_name = "phpshell"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
hash = "1dccb1ea9f24ffbd085571c88585517b"```


[https://github.com/Neo23x0/signature-base/commit/b9202a37f70f02cd3ad0761d61ffd013a2a3d885](https://github.com/Neo23x0/signature-base/commit/b9202a37f70f02cd3ad0761d61ffd013a2a3d885)