/*
 * Latentbot_bin: on-disk variant of the Latentbot string signature.
 *
 * Fires only when all three hold:
 *   - the first two bytes of the scanned data are "MZ" (0x4D 0x5A, read
 *     as the little-endian 16-bit value 0x5A4D),
 *   - every one of the nineteen strings below is present,
 *   - the scanned file is smaller than 4000KB.
 *
 * The `reference` meta value is a 64-hex-digit string; presumably the
 * SHA-256 of the sample the rule was built from. The rule text does not say.
 *
 * NOTE(review): no single string here is specific to one family (type
 * names, HTTP header names, short keywords). Detection rests entirely on
 * all nineteen co-occurring, so check the rule against a clean-software
 * corpus before relying on it for blocking rather than triage.
 */
rule Latentbot_bin
{
    meta:
        description = "Latentbot"
        author = "James_inthe_box"
        reference = "459bb35b47d71971fd34877c6ddf00be5a6ccd343856ae57098b5f67b7660ec3"
        date = "2019/07"
        maltype = "Bot"

    strings:
        // Single-byte strings. AnsiString/UnicodeString look like language
        // runtime type names. TODO confirm which toolchain emits them.
        $string1 = "Unknown" ascii
        $string2 = "AnsiString" ascii
        $string3 = "UnicodeString" ascii

        // Two-bytes-per-character (`wide`) strings: an error message,
        // upper-cased HTTP header names and a multipart form-data prefix.
        $string4 = "Key not found !" wide
        $string5 = "CONTENT-LENGTH" wide
        $string6 = "TRANSFER-ENCODING" wide
        $string7 = "USER-AGENT" wide
        $string8 = "REFERER" wide
        $string9 = "HTTPS/1." wide
        $string10 = "COOKIE" wide
        $string11 = "X-FORWARDED-FOR" wide
        $string12 = "SET-COOKIE" wide
        $string13 = "Content-Disposition: form-data; name=\"" wide
        $string14 = "RTC Client" wide

        // No modifier in the original; YARA treats that as `ascii`,
        // spelled out here for consistency with the other strings.
        $string15 = "LoginPassword" ascii
        $string16 = "LoginUserInfo" ascii

        // Short upper-case keywords, `wide`.
        $string17 = "HELLO" wide
        $string18 = "ACTION" wide
        $string19 = "START" wide

    condition:
        // Cheap header and size tests first, then the full string set.
        // Every string in this rule is named $string*, so `them` selects
        // the same set as ($string*).
        uint16(0) == 0x5A4D and filesize < 4000KB and all of them
}
/*
 * Latentbot_mem: large-file variant of the Latentbot string signature.
 *
 * Uses the same nineteen strings as Latentbot_bin but drops the "MZ"
 * header test and requires the scanned file to be strictly larger than
 * 4000KB. A file of exactly 4000KB therefore satisfies neither this rule
 * nor the `filesize < 4000KB` term in Latentbot_bin.
 *
 * NOTE(review): the `_mem` suffix suggests memory images. YARA's
 * documentation says `filesize` is only meaningful when scanning a file
 * and that a rule using it never matches when applied to a running
 * process. As written, the rule fits memory dumps saved to disk, not live
 * process scans. Confirm the intended use.
 *
 * NOTE(review): with no header check and only generic strings (type
 * names, HTTP header names, short keywords), any large file containing
 * all nineteen will match. Treat hits as leads to verify, not as
 * confirmed detections.
 */
rule Latentbot_mem
{
    meta:
        description = "Latentbot"
        author = "James_inthe_box"
        reference = "459bb35b47d71971fd34877c6ddf00be5a6ccd343856ae57098b5f67b7660ec3"
        date = "2019/07"
        maltype = "Bot"

    strings:
        // Single-byte strings. AnsiString/UnicodeString look like language
        // runtime type names. TODO confirm which toolchain emits them.
        $string1 = "Unknown" ascii
        $string2 = "AnsiString" ascii
        $string3 = "UnicodeString" ascii

        // Two-bytes-per-character (`wide`) strings: an error message,
        // upper-cased HTTP header names and a multipart form-data prefix.
        $string4 = "Key not found !" wide
        $string5 = "CONTENT-LENGTH" wide
        $string6 = "TRANSFER-ENCODING" wide
        $string7 = "USER-AGENT" wide
        $string8 = "REFERER" wide
        $string9 = "HTTPS/1." wide
        $string10 = "COOKIE" wide
        $string11 = "X-FORWARDED-FOR" wide
        $string12 = "SET-COOKIE" wide
        $string13 = "Content-Disposition: form-data; name=\"" wide
        $string14 = "RTC Client" wide

        // No modifier in the original; YARA treats that as `ascii`,
        // spelled out here for consistency with the other strings.
        $string15 = "LoginPassword" ascii
        $string16 = "LoginUserInfo" ascii

        // Short upper-case keywords, `wide`.
        $string17 = "HELLO" wide
        $string18 = "ACTION" wide
        $string19 = "START" wide

    condition:
        // Size gate first, then the full string set. Every string in this
        // rule is named $string*, so `them` selects the same set as
        // ($string*).
        filesize > 4000KB and all of them
}