Common Information
| Type | Value |
|---|---|
| Value |
rule suspicious_cloud_credentials {
meta:
description = "Detects file containing a number of cloud credentials"
author = " [email protected] "
date = "2021-06-28"
license = "Apache License 2.0"
hash1 = "b58cf43cb4b000cb63334a8e20ca53e0112037daa178062c876a395092e1d8ca"
strings:
$ = ".aws/credentials" ascii wide nocase
$ = ".config/gcloud/access_tokens.db" ascii wide nocase
$ = ".azure/credentials" ascii wide nocase
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |