/*
 * indo_exploit_tool
 *
 * Signature for the "indoxploit" tool named in the rule and in $a1.
 * All four strings below must be present in the scanned data for a hit.
 *
 * Notes for whoever triages a match:
 *   - Every string is a plain text string (case-sensitive, ASCII). $d1 is
 *     NOT a YARA regex: the characters "(.*?)" are matched literally, i.e.
 *     the rule looks for the pattern source text as written in the file.
 *   - $b1 ("exec") is a substring of $c1 ("shell_exec"), so whenever $c1
 *     matches $b1 matches too; it does not narrow the rule further.
 *   - There is no filesize or file-type guard, so any file that quotes all
 *     of these strings also matches, including a plain-text copy of this
 *     rule. Exclude the rules directory from scans or expect a self-hit.
 */
rule indo_exploit_tool
{
    meta:
        author = "Brian Laskowski"
        info = " indo exploit 05-14-18 "

    strings:
        // Shell-prompt style banner carrying the tool name.
        $a1 = "root@indoxploit:"

        // Command-execution function names as they appear in the file.
        $b1 = "exec"
        $c1 = "shell_exec"

        // Literal text of a pattern over /var/named/*.db paths
        // (presumably zone-file names; confirm against a sample).
        $d1 = "#/var/named/(.*?).db#"

    condition:
        // Spelled out; equivalent to requiring every declared string.
        $a1 and $b1 and $c1 and $d1
}