junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add yara/volt_typhoon_cisa.md

Browse Source
This commit is contained in:
junk
2025-01-08 23:13:40 -05:00
parent 2698a19dd0
commit 82deb5cb28
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
yara/volt_typhoon_cisa.md Normal file
View File

@ -0,0 +1,15 @@
```
rule ShellJSP {
strings:
$s1 = "decrypt(fpath)"
$s2 = "decrypt(fcontext)"
$s3 = "decrypt(commandEnc)"
$s4 = "upload failed!"
$s5 = "aes.encrypt(allStr)"
$s6 = "newid"
condition:
filesize < 50KB and 4 of them
}
```