Yara Rule - Auto-generated rule on file PortScanner.exe

Yara definition.

Author: yarGen Yara Rule Generator by Florian Roth

https://github.com/GhostPack/SharpWMI

```
date = "2018/04/06"
old_rule_name = "Z_WebShell"
hash = "ace12552f3a980f1eed4cadb02afe1bfb851cafc8e58fb130e1329719a07dbf0"
$ = "Z_PostBackJS" ascii wide
date = "2018/01/25"
old_rule_name = "z_webshell"
md5 = "2C9095C965A55EFC46E16B86F9B7D6C6"
$webshell_name = "public string z_progname =" nocase ascii wide
uint16(0) == 0x5a4d and filesize < 300KB and all of them
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
old_rule_name = "CN_Honker_F4ck_Team_f4ck_3"
date = "2015-06-23"
score = 70
hash = "7e3bf9b26df08cfa10f10e2283c6f21f5a3a0014"
uint16(0) == 0x5a4d and filesize < 2350KB and all of them
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
old_rule_name = "portscanner"
date = "2015-06-13"
hash = "1de367d503fdaaeee30e8ad7c100dd1e320858a4"
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
old_rule_name = "HKTL_NET_GUID_sharpwmi"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
date = "2020-12-28"
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
old_rule_name = "HKTL_NET_GUID_SharpWMI"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
date = "2020-12-28"
hash = "b381b9212282c0c650cb4b0323436c63"
old_rule_name = "PortScanner"
$s0 = "Scan Ports Every"
$s3 = "Scan All Possible Ports!"
```


[https://github.com/Neo23x0/signature-base/commit/40121c44fa8923833ff9722bcbeed0eff2c00476](https://github.com/Neo23x0/signature-base/commit/40121c44fa8923833ff9722bcbeed0eff2c00476)