Add yara/volt_typhoon_cisa.md

2025-01-08 23:13:40 -05:00
parent 2698a19dd0
commit 82deb5cb28
1 changed files with 15 additions and 0 deletions
--- a/yara/volt_typhoon_cisa.md
+++ b/yara/volt_typhoon_cisa.md
@ -0,0 +1,15 @@
+
+
+```
+rule ShellJSP {
+strings:
+$s1 = "decrypt(fpath)"
+$s2 = "decrypt(fcontext)"
+$s3 = "decrypt(commandEnc)"
+$s4 = "upload failed!"
+$s5 = "aes.encrypt(allStr)"
+$s6 = "newid"
+condition:
+filesize < 50KB and 4 of them
+}
+```