upstyle malware detect add

file/malware/upstyle-malware.yaml

@@ -0,0 +1,31 @@
+id: upstyle-py-malware
+info:
+  name: Upstyle Malware - Detect
+  author: Kazgangap
+  severity: info
+  reference:
+    - https://unit42.paloaltonetworks.com/cve-2024-3400/
+    - https://github.com/volexity/threat-intel/blob/main/2024/2024-04-12%20Palo%20Alto%20Networks%20GlobalProtect/indicators/rules.yar
+  tags: malware,cve-2024-3400
+file:
+  - extensions:
+      - "py"
+
+    matchers:
+      - type: word
+        part: raw
+        words:
+          - "/opt/pancfg/mgmt/licenses/PA_VM"
+          - "exec(base64."
+        condition: or
+
+      - type: word
+        part: raw
+        words:
+          - "signal.signal(signal.SIGTERM,stop)"
+          - "exec(base64."
+        condition: or
+
+      - type: regex
+        regex:
+          - "write(\"/*\"+output+\"*/\")"