Common Information
| Type | Value |
|---|---|
| Value |
rule sus_ssh_add {
strings:
$a1 = "echo \"ssh-rsa AAAA"
$a2 = ">> /root/.ssh/authorized_keys"
$b1 = "pkill -f"
$b2 = "killall"
$b3 = " >> /etc/hosts"
condition:
all of ($a*) and any of ($b*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |