API tools faq
paste
thatguy031415

ZXShell YARA Rule

thatguy031415
Dec 28th, 2015
574
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.38 KB | None | 0 0
raw download clone embed print report
  1. Note: an in-depth analysis of this tool will be posted shortly.
  2.  
  3. ZXShell YARA rule:
  4.  
  5.  
  6.  
  7. rule zxshell
  8. {
  9. meta:
  10. description = "ZXShell YARA rule"
  11. author = "Brian C. Bell - @biebsmalwareguy"
  12.  
  13. strings:
  14. $s0 = "ZXHttpServer" nocase ascii
  15. $s1 = "ZXHttpProxy" nocase ascii
  16. $s2 = "ZXARPS" nocase ascii
  17. $s3 = "zxplug" nocase ascii
  18.  
  19. condition:
  20. 2 of ($s*)
  21. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!