Merge pull request #62 from DottoPing/patch-2

Update XOR_DDosv1

Merge pull request #62 from DottoPing/patch-2
Update XOR_DDosv1
45cf6fa1 · mmorenog · e1de6bbb · 35d27f71 · 45cf6fa1
Commit 45cf6fa1 authored Oct 29, 2015 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 9 deletions

XOR_DDosv1 malware/XOR_DDosv1 +9 -9

No files found.
--- a/malware/XOR_DDosv1
+++ b/malware/XOR_DDosv1
 rule XOR_DDosv1 : DDoS
 {
  meta:
-    author = “Akamai SIRT”
+    author = "Akamai SIRT"
-    description = “Rule to detect XOR DDos infection”
+    description = "Rule to detect XOR DDos infection"
  strings:
-    $st0 = “BB2FA36AAA9541F0”
+    $st0 = "BB2FA36AAA9541F0"
-    $st1 = “md5=”
+    $st1 = "md5="
-    $st2 = “denyip=”
+    $st2 = "denyip="
-    $st3 = “filename=”
+    $st3 = "filename="
-    $st4 = “rmfile=”
+    $st4 = "rmfile="
-    $st5 = “exec_packet”
+    $st5 = "exec_packet"
-    $st6 = “build_iphdr”
+    $st6 = "build_iphdr"
  condition:
    all of them
 }