greysec/litterbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9b235711024b30a4217a3dc866c89eba07ea286
litterbox/Scanners/Yara/rules/elastic-yara/Linux_Exploit_Criscras.yar
T
BlackSnufkin f9b2357110 Refresh scanner binaries + restructure YARA rules
2026-05-04 08:56:43 -07:00

21 lines
707 B
Plaintext
Raw Blame History

rule Linux_Exploit_Criscras_fc505c1d {
meta:
author = "Elastic Security"
id = "fc505c1d-f77d-48cc-b8fe-7b24b9cc6a97"
fingerprint = "bc5e980599c4c8fc3c9b560738d7187a0c91e2813c64b3ad0ff014230100c8d8"
creation_date = "2021-04-06"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Criscras"
reference_sample = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab"
severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
$a = { 0C 89 21 89 E3 31 C0 B0 0B CD 80 31 C0 FE C0 CD }
condition:
all of them
}
Reference in New Issue View Git Blame Copy Permalink