malware/XOR_DDosv1 · c2ff133fb917d90cf5cf10f96fede6f7da3e3044 · fact-depend / rules · GitLab

Blame History Permalink

Update XOR_DDosv1 · 35d27f71

“ and ” will occur syntax error, they should be changed to ". 
XOR_DDosv1(4): syntax error, unexpected $end, expecting _NUMBER_ or _TEXT_STRING_ or _TRUE_ or _FALSE_

authored 9 years ago

XOR_DDosv1 319 Bytes

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

rule XOR_DDosv1 : DDoS
{
  meta:
    author = "Akamai SIRT"
    description = "Rule to detect XOR DDos infection"
  strings:
    $st0 = "BB2FA36AAA9541F0"
    $st1 = "md5="
    $st2 = "denyip="
    $st3 = "filename="
    $st4 = "rmfile="
    $st5 = "exec_packet"
    $st6 = "build_iphdr"
  condition:
    all of them
}