Common Information
| Type | Value |
|---|---|
| Value |
rule CustomFRPClient {
meta:
description = "Identify instances of the actor's custom FRP tool based
on unique strings chosen by the actor and included in the tool"
strings:
$s1 = "%!PS-Adobe-" ascii wide nocase
$s2 = "github.com/fatedier/frp/cmd/frpc" ascii wide nocase
$s3 = "github.com/fatedier/frp/cmd/frpc/sub.startService" ascii wide nocase
$s4 = "MAGA2024!!!" ascii wide nocase
$s5 = "HTTP_PROXYHost: %s" ascii wide nocase
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |