/*
    Signature for the LINE VIPER (Cisco ASA) shellcode initial-execution code
    described in the NCSC malware analysis report linked under `reference`.

    A single byte pattern is matched in four encodings: raw ($xc1) and base64
    at each of the three possible byte alignments ($x1, $x2, $x3), so a
    base64-encoded copy matches wherever it starts within the encoded stream.
*/
rule MAL_Cisco_LINE_VIPER_Shellcode_Initial_Execution
{
    meta:
        author = "NCSC"
        description = "Detects LINE VIPER Cisco ASA malware code as part of shellcode initial execution."
        date = "2025-09-25"
        reference = "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/RayInitiator-LINE-VIPER/ncsc-mar-rayinitiator-line-viper.pdf"
        score = 85

    strings:
        // Raw form: two fixed 12-byte runs separated by exactly 19 arbitrary bytes.
        $xc1 = { 48 8D B7 80 00 00 00 BA 00 20 00 00 [19] 48 C7 C6 00 90 00 00 BA 07 00 00 00 }

        // Base64 forms of $xc1, one per alignment. The 19-byte gap and the
        // partly-determined characters at its edges are covered by a fixed run
        // of 26 base64 characters.
        // No modifier is given, so these match ASCII text only; a wide
        // (UTF-16) base64 copy is not covered.
        $x1 = /SI23gAAAALoAIAAA[A-Za-z0-9+\/]{26}jHxgCQAAC6BwAAA/
        $x2 = /iNt4AAAAC6ACAAA[A-Za-z0-9+\/]{26}Ix8YAkAAAugcAAA/
        $x3 = /IjbeAAAAAugAgAA[A-Za-z0-9+\/]{26}SMfGAJAAALoHAAAA/

    condition:
        // One hit on any encoding is sufficient; the rule has no file-type or
        // size gate, so it applies to whatever data the scanner is given.
        any of them
}