Common Information
| Type | Value |
|---|---|
| Value |
rule M_APT_Tunneler_GOGETTER_2 {
meta:
author = "Mandiant"
strings:
$s1 = "\x00github.com/hashicorp/yamux.Client\x00"
$s2 = "\x00github.com/hashicorp/yamux.(*Session).AcceptStream\x00"
$sb1 = { 8D ?? 24 [1-5] 89 04 24 E8 [4-5] 8B 44 24 [1-2] 8B 4C 24 [4-32] 83 ?? 03 75 0D 66 81 3? 65 6E 75 06 80 7? 02 64 7? [1-2] C7 04 24 00 00 00 00 E8 }
condition:
(uint32(0) == 0x464c457f) and all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |