litterbox/Scanners/Yara/rules/elastic-yara/Linux_Exploit_CVE_2009_2698.yar

rule Linux_Exploit_CVE_2009_2698_12374e97 {
    meta:
        author = "Elastic Security"
        id = "12374e97-385e-4b3a-9d50-39f35ad4f6dd"
        fingerprint = "2c669220ac8909e2336bbf9c38489c8e32d573ab6c29fa1e2e0c1fe69f7441ed"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-2698"
        reference_sample = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 74 64 6F 75 74 00 66 77 72 69 74 65 00 64 65 73 63 00 63 76 65 00 }
    condition:
        all of them
}

rule Linux_Exploit_CVE_2009_2698_cc04dddd {
    meta:
        author = "Elastic Security"
        id = "cc04dddd-91d0-4c5f-a0ac-01787da7f369"
        fingerprint = "d3fdd66e486cb06bd63f6d8e471e66bc80990c4f0729eea16b47adc4cac80538"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2009-2698"
        reference_sample = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { C4 10 89 45 F4 83 7D F4 FF 75 1F 83 EC 0C 68 }
    condition:
        all of them
}