Common Information
| Type | Value |
|---|---|
| Value |
rule BusyBuzzard_convert_crc32_to_mutex_name {
meta:
author = "NCSC"
description = "Detects code bytes used by the TCP variant of Busy
Buzzard to convert a CRC32 value to its hex string representation in
reverse-nibble order"
date = "2022-03-25"
hash1 = "8fd99d9066020003358aa3e23c9af3d4911ce979"
hash2 = "266852db4ad2d293469515820fd5e7c228cd4b3e"
hash3 = "d2b8f4fe6eedb8b87521772fc823da596f2403b7"
strings:
$ = { 0F B6 C2 24 0F 3C 09 76 02 04 07 04 30 48 FF C1 C1 EA 04 49 FF C8 88 41 FF 75 E5 }
condition:
all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |