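# Nuclei file-protocol template: reports a file whose raw content contains
# every one of the eight strings below. The strings mirror the Madness YARA
# rules linked under `reference`. Nesting was restored from a flattened listing
# whose indentation was lost and whose lines were interleaved with stray `|`
# separators.
id: madness-malware

info:
  name: Madness DDOS Malware - Detect
  author: daffainfo
  # `info` severity: a hit is a lead for triage, not a verdict on the file.
  severity: info
  reference:
    - https://github.com/arbor/yara/blob/master/madness.yara
    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Madness.yar
  tags: malware,file

file:
  - extensions:
      # No extension filter: every file under the scanned path is a candidate.
      - all

    matchers:
      - type: word
        # Match against the whole file content rather than a parsed field.
        part: raw
        words:
          # Base64 of a User-Agent string:
          # "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5)
          # Gecko/20060731 Firefox/1.5.0.5 Flock/0.7.4.1".
          # Trailing "=" padding is absent, so this matches as a substring of
          # the padded encoding.
          - "TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUzsgcnY6MS44LjAuNSkgR2Vja28vMjAwNjA3MzEgRmlyZWZveC8xLjUuMC41IEZsb2NrLzAuNy40LjE"
          # Base64 of a second User-Agent string:
          # "Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18)
          # Gecko/20010131 Netscape6/6.01".
          - "TW96aWxsYS81LjAgKFgxMTsgVTsgTGludXggMi40LjItMiBpNTg2OyBlbi1VUzsgbTE4KSBHZWNrby8yMDAxMDEzMSBOZXRzY2FwZTYvNi4wMQ=="
          # Plain-text fragments. The escaped quotes are YAML escapes; the
          # bytes searched for contain bare double quotes.
          - "document.cookie="
          - "[\"cookie\",\""
          - "\"realauth="
          - "\"location\"];"
          # Base64 of "wtf" and "exe". Four-byte needles like these occur in
          # unrelated base64 data, so they only carry weight together with the
          # strings above.
          - "d3Rm"
          - "ZXhl"
        # All eight words must be present. Do not relax this to `or`: the
        # short needles and "document.cookie=" alone match benign files.
        condition: and
# NOTE(review): the digest below is the template signature as published
# upstream. It presumably covers the exact upstream bytes, so any edit to this
# file (comments included) would need the template re-signed before a scanner
# that enforces signatures will load it. Confirm against the signing workflow.
# digest: 4b0a00483046022100fb173bef0e7676c3402ce9cc6d6a8629fe9dbd25c0eed3ce2f4dab030308bef1022100bbed9bff9e92ffaab0cf5f128067eb3058634d19369679df015dabd57a17fe96:922c64590222798bb761d5b6d8e72950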