15 lines
423 B
Plaintext
15 lines
423 B
Plaintext
rule Rule_Coinminer_ELF_Format {
|
|
meta:
|
|
description = "Detect the risk of CoinMiner ELF Rule 1"
|
|
detail= "Detects Crypto Miner ELF format"
|
|
strings:
|
|
$str1 = "mining.set_difficulty" ascii
|
|
$str2 = "mining.notify" ascii
|
|
$str3 = "GhostRider" ascii
|
|
$str4 = "cn/turtle-lite" ascii
|
|
$str5 = "spend-secret-key" ascii
|
|
condition:
|
|
uint16(0) == 0x457f and
|
|
4 of them
|
|
}
|