nuclei-templates/file/malware/hash/godzilla-webshell-hash.yaml

20 lines
837 B
YAML
Raw Permalink Normal View History

2024-06-20 09:42:34 +00:00
id: godzilla-webshell-hash
2024-06-19 10:13:35 +00:00
info:
2024-06-20 09:42:34 +00:00
name: Godzilla Webshell Hash - Detect
2024-06-19 10:13:35 +00:00
author: pussycat0x
severity: info
description: Detects the JSP implementation of the Godzilla Webshell.
reference:
- https://github.com/volexity/threat-intel/blob/main/2022/2022-08-10%20Mass%20exploitation%20of%20(Un)authenticated%20Zimbra%20RCE%20CVE-2022-27925/yara.yar
- https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
tags: malware,webshells
file:
- extensions:
- all
matchers:
- type: dsl
dsl:
- "sha256(raw) == '2786d2dc738529a34ecde10ffeda69b7f40762bf13e7771451f13a24ab7fc5fe'"
# digest: 4b0a00483046022100ef923e9e696242b4b131011cefeea985b6ff2d5a336f3d987fd240f9717ee34f022100f563f8d4f335a993968b3e542f5f944381f033939dcf870a4b823414fc9f1eab:922c64590222798bb761d5b6d8e72950