Common Information
Type Value
Value
rule mbedtls_mirai {
	meta:
		description = "finds Mirai binaries using mbedtls"
		author = "Chris Hall @LaceworkLabs"
		date = "2021-07-11"
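	strings:
		// X.509 OID names and certificate messages carried by the mbedtls library
		$s1 = "id-at-postalAddress" ascii fullword
		$s2 = "Usage does not match the keyUsage extension" ascii fullword
		$s3 = "id-at-postalCode" ascii fullword
		$s4 = "id-ce-extKeyUsage" ascii fullword
		$s5 = "%s%-18s: %d bits" ascii fullword
		$s6 = "id-ce-keyUsage" ascii fullword
		// no modifiers: matched as a plain ASCII substring
		$s7 = "npxXoudifFeEgGaACScs"
		// "Mozilla" encoded with any single-byte XOR key from 1 to 255 (plaintext excluded)
		$s8 = "Mozilla" xor(1-255)
	condition:
		// file starts with bytes 0x7f 0x45 (start of the ELF magic, read little-endian)
		// and every string above is present
		uint16(0) == 0x457f and all of them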
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2021-09-30 37 Mirai goes Stealth - TLS & IoT Malware