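/*
 * NewDDOSBot_bin: file rule for the NewDDOSBot sample linked in `reference`.
 * Matches when the scanned data begins with the "MZ" DOS-header magic and
 * contains every one of the five strings listed below.
 */
rule NewDDOSBot_bin
{
    meta:
        description = "NewDDOSBot"
        author = " James_inthe_box"
        reference = "https://app.any.run/tasks/209085da-a3b3-4317-923a-90a4a2e82414"
        date = "2019/01"
        maltype = "Bot"
    strings:
        // Text strings without a modifier are matched as ASCII, case-sensitive.
        // NOTE(review): "NewDDOSBot" is the only family-specific string here; the
        // other four look like generic .NET / VB "My" namespace names, so validate
        // the rule against a clean .NET corpus before alerting on it.
        $string1 = "PlatformID"
        $string2 = "NewDDOSBot"
        $string3 = "Make.My"
        $string4 = "My.Settings"
        $string5 = "WebBrowser"
    condition:
        // Bytes 4D 5A at offset 0, read little-endian, equal 0x5A4D. This is the
        // same test as a `{ 4d 5a }` string anchored `at 0`, but it does not make
        // the scanner search for a two-byte pattern, which is a poor search atom.
        uint16(0) == 0x5A4D and all of ($string*)
}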
/*
 * NewDDOSBot_mem: string-only rule for the NewDDOSBot sample linked in
 * `reference`. It has no file-header check, so it can match any scanned
 * buffer; the `_mem` suffix suggests it is meant for process memory or
 * memory dumps (confirm with the author's usage).
 */
rule NewDDOSBot_mem
{
    meta:
        description = "NewDDOSBot"
        author = " James_inthe_box"
        reference = "https://app.any.run/tasks/209085da-a3b3-4317-923a-90a4a2e82414"
        date = "2018/12"
        maltype = "Bot"

    strings:
        // `wide` matches the UTF-16LE form (two bytes per character) only.
        // "t_type", "knock_t" and "NaID" appear as JSON keys in the task
        // artifacts listed with this paste; "stop_t" is not visible in that
        // sample. TODO confirm it is present in every build.
        // NOTE(review): each string is short and unanchored (no `fullword`);
        // the rule relies on all four being present together to stay specific.
        $string1 = "t_type" wide
        $string2 = "knock_t" wide
        $string3 = "NaID" wide
        $string4 = "stop_t" wide

    condition:
        // Every defined string must be present; all of them are named $string*.
        all of them
}
- hashes:
- efdd39a444a372d5d14bb208f128fb65
- 78d164f8cc8430d730e849876d4e51e3
- c2's:
- http://banana999.com/php/gate.php
- http://apple322.com/php/gate.php
- artifacts:
- 1DA44AE17841369322DA459936B0E6CE::::2.15::::Microsoft Windows 7 Professional ::::0::::0
- {"t_type":"KNOCK","knock_t":"200"}::::CHK::::{"t_type":"STOP","NaID":"11757846464e8"}::::{"t_type":"STOP","NaID":"ff78964b321e5"}::::{"t_type":"STOP","NaID":"735d134476951"}::::{"t_type":"STOP","NaID":"6ed718961bff6"}::::{"t_type":"STOP","NaID":"d65d00d677cd8"}