nuclei-templates/file/malware/hash/regeorg-webshell-hash.yaml

20 lines
822 B
YAML

id: regeorg-webshell-hash
info:
name: ReGeorg Webshell Hash - Detect
author: pussycat0x
severity: info
description: Detects the reGeorg webshells' JSP version.
reference:
- https://github.com/volexity/threat-intel/blob/main/2022/2022-08-10%20Mass%20exploitation%20of%20(Un)authenticated%20Zimbra%20RCE%20CVE-2022-27925/yara.yar
- https://github.com/SecWiki/WebShell-2/blob/master/reGeorg-master/tunnel.jsp
tags: malware,webshells
file:
- extensions:
- all
matchers:
- type: dsl
dsl:
- "sha256(raw) == 'f9b20324f4239a8c82042d8207e35776d6777b6305974964cd9ccc09d431b845'"
# digest: 4b0a00483046022100b886e1dd58565f1e41c52634fd7e09dc53c65bcdcc1b14a157de50a37b1dbb03022100b0a926bd917b70266d4c40a32b2b3949208df60d484e07cad9f986e02c981591:922c64590222798bb761d5b6d8e72950