From 93c431b1f76355faae99831b034f682b9bbe48a0 Mon Sep 17 00:00:00 2001
From: johnk3r <6247648+johnk3r@users.noreply.github.com>
Date: Mon, 22 Jul 2024 16:57:46 -0300
Subject: [PATCH 1/2] Create 7777botnet.yaml

---
 network/c2/7777botnet.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 network/c2/7777botnet.yaml

diff --git a/network/c2/7777botnet.yaml b/network/c2/7777botnet.yaml
new file mode 100644
index 0000000000..e215fa2c2d
--- /dev/null
+++ b/network/c2/7777botnet.yaml
@@ -0,0 +1,30 @@
+id: 7777botnet-detect
+
+info:
+ name: 7777-Botnet - Detect
+ author: johnk3r
+ severity: info
+ reference:
+ - https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: product:'hash:1357418825'
+ tags: network,c2,ir,osint,cti,darktrack,botnet,tcp
+
+tcp:
+ - inputs:
+ - data: "fffc01fffb1ffffa1f00500018fff0fffd01fffd03"
+ read: 2048
+
+ host:
+ - "{{Hostname}}"
+ port: 7777
+
+ matchers:
+ - type: word
+ part: data
+ words:
+ - "xlog"
+ - "in"
+ condition: and

From ef043e20b881205e556592a5d5f7116e8ea3dea5 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 24 Jul 2024 15:12:22 +0530
Subject: [PATCH 2/2] Update 7777botnet.yaml

---
 network/c2/7777botnet.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/network/c2/7777botnet.yaml b/network/c2/7777botnet.yaml
index e215fa2c2d..fce490d510 100644
--- a/network/c2/7777botnet.yaml
+++ b/network/c2/7777botnet.yaml
@@ -9,7 +9,7 @@ info:
 metadata:
 verified: true
 max-request: 1
- shodan-query: product:'hash:1357418825'
+ shodan-query: 'hash:1357418825'
 tags: network,c2,ir,osint,cti,darktrack,botnet,tcp
 
 tcp:
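Review bot: The `- data:` input in the new template is a 42-character hex string (it reads as a Telnet IAC negotiation sequence, e.g. `fffc01` = IAC WON'T ECHO), but nuclei treats `data` as plain text unless the input also carries `type: hex`, so as written the probe sends the ASCII characters rather than the 21 bytes they encode and is unlikely to elicit the banner the matcher is looking for; add `type: hex` alongside `data:` on that input. The matcher's second word `"in"` is too short to add any precision — practically any response that contains `xlog` also contains the substring `in`, so `condition: and` does not narrow anything; either drop `"in"` or replace it with a longer token taken from the reference write-up. A short comment above `words:` stating which part of the Darktrack/7777 handshake `xlog` is expected in would make later tuning of the indicator possible without re-reading the blog post.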