    description = "Command-line execution of the PsExec tool on Windows"
    yara_version = "YL2.0"
    rule_version = "1.0"
  events:
    re.regex($e1.principal.process.command_line, `\bpsexec(\.exe)?\b`) nocase
  condition:
    $e1
}
Suspicious psexec and shutdown (machine shutdown): ...
{ DDEAUTO c:\\windows\\system32\\cmd.exe " /k notepad.exe" }
{ DDE c:\\windows\\system32\\cmd.exe " /k notepad.exe" }
2) Security incidents: This DDE attack technique was first exploited by the advanced persistent threat (APT) hacker group APT28; FireEye published its latest threat intelligence report, "APT28: At The Center for The Storm". In ...
Windows: copy Hyara_Ghidra.py and the hyara_lib folder to C:\\Users\\User\\.ghidra\\.ghidra.X.X.X\\Extensions\\Ghidrathon-X.X.X\\data\\python\\
# Window -> Ghidrathon
import Hyara_Ghidra
Hyara_Ghidra.run()
Features: GUI-based. Supports IDA, BinaryNinja, Cutter and Ghidra. ...
rule hacktool_windows_mimikatz_copywrite
{
  meta:
    description = "Mimikatz credential dump tool: Author copywrite"
    reference = "https://github.com/gentilkiwi/mimikatz"
    author = "@fusionrace"
    md5_1 = "0c87c0ca04f0ab626b5137409dded15ac66c058be6df09e22a636cc2bcb021b8"
    md5_2 = "0c91f4ca25aedf306d68edaea63b84ef...
NVIDIA DOCA YARA Inspection Application Guide (MLNX-15-060590 _v2.0.2 | May 2023)
Now let's run the rule, which we save as a file named rule1.yar. We want to run it against a folder containing several different files, two of which are the 32-bit and 64-bit versions of the netcat software (Figure A). The system we used for testing is an Ubuntu Linux distribution, but that does not matter, because Yara installs easily on Linux, Mac or Windows operating systems.
It also contains rules for output or temporary files of the mentioned hacktools that adversaries sometimes forget to remove from the compromised systems.
Special strengths:
- Rules to detect a variety of offensive security tools and frameworks
- Rules cover the tool itself, output, helper files and ...