Indicator (IOC)
Essential information
- Value / Name
- 6758df1ae1f88ce553e3eb76f95625c075978734
- Confidence
- 100/100
- Revoked
- Yes
- Valid from
- 28/05/2024 13:28
- Valid until
- 31/08/2025 13:28
- Pattern type
- yara
- Published
- 21/12/2025 05:02
- Modified
- 21/12/2025 05:02
- Author / Source
- AlienVault
Description
No description.
Pattern
rule PTESC_tool_multi_ZZ_3snake__HackTool
{
    strings:
        $a1 = "/proc/%d/cmdline"
        $a2 = "/proc/%d/status"
        $a3 = "/proc/%d/exe"
        $a4 = "/usr/bin/ssh"
        $a5 = "/usr/local/bin/"
        $a6 = "/usr/local/sbin/"
        $b1 = "intercept_ssh"
        $b2 = "sshd: [net]"
        $b3 = "sshd: [accepted]"
        $b4 = "[-] Plisteneter %d has been killed %d"
    condition:
        (uint32be(0) == 0x7F454C46) and 4 of ($a*) and 2 of ($b*)
}
Labels / Tags
Marking (TLP)
TLP:CLEAR