From 82deb5cb281bc7cd11a54ee59f67ac6e27b884cb Mon Sep 17 00:00:00 2001
From: junk
Date: Wed, 8 Jan 2025 23:13:40 -0500
Subject: [PATCH] Add yara/volt_typhoon_cisa.md
---
yara/volt_typhoon_cisa.md | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 yara/volt_typhoon_cisa.md
diff --git a/yara/volt_typhoon_cisa.md b/yara/volt_typhoon_cisa.md
new file mode 100644
index 0000000..6d6db43
--- /dev/null
+++ b/yara/volt_typhoon_cisa.md
@@ -0,0 +1,15 @@
+
+
+```
+rule ShellJSP {
+strings:
+$s1 = "decrypt(fpath)"
+$s2 = "decrypt(fcontext)"
+$s3 = "decrypt(commandEnc)"
+$s4 = "upload failed!"
+$s5 = "aes.encrypt(allStr)"
+$s6 = "newid"
+condition:
+filesize < 50KB and 4 of them
+}
+```
\ No newline at end of file
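Review bot: The `ShellJSP` rule has no `meta:` section and the file has no heading or prose, so its provenance rests on the filename alone; an analyst triaging a hit cannot tell which advisory or sample set the strings came from. I would add `meta:` with `description = "<what the rule detects>"` and `reference = "<source advisory URL>"` above `strings:`, and a one-line heading before the fence. Because the rule is inside an untagged fenced block in a `.md` file, a YARA compiler or linter will presumably never parse it in CI, so consider also shipping it as a `.yar` file. `$s4` ("upload failed!") and `$s6` ("newid") are generic, but `4 of them` still requires at least two of the more specific `decrypt(...)`/`aes.encrypt(...)` strings, so the condition is reasonable as written. The strings carry no `wide` modifier, so a UTF-16 encoded copy of the file would not match.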