# Copyright 2020 by FireEye, Inc.
# You may not use this file except in compliance with the license. The license should have been received with this file. You may obtain a copy of the license at:
# https://github.com/fireeye/sunburst_countermeasures/blob/main/LICENSE.txt
# APT_HackTool_PS1_COSMICGALE_1 -- ClamAV logical signature (.ldb) for the COSMICGALE PowerShell hacktool.
#
# Layout: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;...;Subsig8
#   Engine:81-255  minimum/maximum engine functionality level (81+ presumably required for the PCRE subsigs; verify
#                  against the ClamAV FLEVEL table when changing this)
#   Target:7       ClamAV target type 7 -- NOTE(review): per ClamAV docs this is the ASCII/text target; the
#                  signature relies on the scanner's script normalisation (all subsigs below are lower-case,
#                  so case-variant scripts are expected to be folded before matching) -- confirm when porting.
#   0&1&2&3&4&5&6&7&8  every subsignature must match; this keeps false positives low but also means that
#                  obfuscating or rephrasing any single string is enough to evade this rule, so it should
#                  not be the only COSMICGALE coverage in a deployment.
#
# Hex subsignatures (decoded from the hex bodies; case as stored):
#   0  [text.encoding]::ascii.getbytes("ntpassword`0");           -- LSA secret name buffer setup
#   1  system\currentcontrolset\control\lsa\$_                    -- registry path under HKLM LSA (literal "$_")
#   2  [security.cryptography.md5]::create()                      -- MD5 use
#   3  [system.security.principal.windowsidentity]::getcurrent().name
#   4  out-file
#   5  convertto-securestring
#
# PCRE subsignatures (form Trigger/regex/; the trigger is the subsig number that must hit first):
#   6  (trigger 0) [byte[]]@( 0xaa, 0xd3, 0xb4, 0x35, ...          -- hard-coded byte array prefix, tab/space tolerant
#   7  (trigger 6) [bitconverter]::toint32($var[0x0c..0x0f], 0) + 0xcc;
#   8  (trigger 7) [byte[]]($var.padright(N).substring(0, N).tochararray())
#   Whitespace between tokens is bounded to 32 tabs/spaces per gap ([\x09\x20]{0,32}); variable names are
#   bounded to 64 word chars (\w{1,64}). Wider spacing or longer identifiers in a sample will not match.
#
# Any change to a subsignature changes detection behaviour; re-test with clamscan against known COSMICGALE
# samples and a clean corpus before deploying an edited copy.
APT_HackTool_PS1_COSMICGALE_1;Engine:81-255,Target:7;0&1&2&3&4&5&6&7&8;5b746578742e656e636f64696e675d3a3a61736369692e676574627974657328226e7470617373776f7264603022293b;73797374656d5c63757272656e74636f6e74726f6c7365745c636f6e74726f6c5c6c73615c245f;5b73656375726974792e63727970746f6772617068792e6d64355d3a3a6372656174652829;5b73797374656d2e73656375726974792e7072696e636970616c2e77696e646f77736964656e746974795d3a3a67657463757272656e7428292e6e616d65;6f75742d66696c65;636f6e76657274746f2d736563757265737472696e67;0/\[byte\[\]\]@\([\x09\x20]{0,32}0xaa[\x09\x20]{0,32},[\x09\x20]{0,32}0xd3[\x09\x20]{0,32},[\x09\x20]{0,32}0xb4[\x09\x20]{0,32},[\x09\x20]{0,32}0x35[\x09\x20]{0,32},/;6/\[bitconverter\]::toint32\(\$\w{1,64}\[0x0c..0x0f\][\x09\x20]{0,32},[\x09\x20]{0,32}0\)[\x09\x20]{0,32}\+[\x09\x20]{0,32}0xcc\x3b/;7/\[byte\[\]\]\(\$\w{1,64}\.padright\(\d{1,2}\)\.substring\([\x09\x20]{0,32}0[\x09\x20]{0,32},[\x09\x20]{0,32}\d{1,2}\)\.tochararray\(\)\)/