/*
    Flags files that start with the DOS/PE "MZ" magic and contain all six
    DuBrute-related literals listed under `strings`.

    Coverage notes for whoever deploys this:
      - The literals carry no `wide` or `nocase` modifier, so they are matched
        as case-sensitive ASCII only. A sample that stores them as UTF-16, or
        one that is packed/encrypted on disk, would not match.
        NOTE(review): confirm against known samples before treating a miss as
        "clean".
      - The four *.txt names are generic on their own; the rule depends on all
        six literals appearing together in one file.
      - Only the two-byte magic is checked, not the rest of the PE header.
*/
rule dubrute : bruteforcer
{
    meta:
        author = "Christian Rebischke (@sh1bumi)"
        date = "2015-09-05"
        description = "Rules for DuBrute Bruteforcer"
        in_the_wild = true
        family = "Hackingtool/Bruteforcer"

    strings:
        // Tool name literal
        $a = "WBrute"

        // File names referenced by the tool
        $b = "error.txt"
        $c = "good.txt"
        $d = "source.txt"
        $e = "bad.txt"

        // Label containing the IP@Login;Password record layout
        $f = "Generator IP@Login;Password"

    condition:
        // Bytes 'M' 'Z' at offset 0, read as a little-endian 16-bit value
        uint16(0) == 0x5A4D
        // Every literal declared above has to be present
        and all of them
}