Skip to content

Instantly share code, notes, and snippets.

@taiyoslime

taiyoslime/1_defense.py

Created December 23, 2018 14:18
Show Gist options
  • Save taiyoslime/942d200f96593df9ecfb823112886f2c to your computer and use it in GitHub Desktop.
Save taiyoslime/942d200f96593df9ecfb823112886f2c to your computer and use it in GitHub Desktop.
Download ZIP
defense scripts of server-1(壱) in SECCON CTF 2018 International
Raw
1_defense.py
import requests
import json
BASE_URL = "http://172.24.0.11/"
BASE_DEFENSE_URL = BASE_URL + "defense/"
TEAM_NAME = "TSG"
TEAM_IP_ADDRESS = "192.168.***.***"
with open("defense", "r") as f:
payload = f.read()
data = {'yara_rules': payload}
print(data['yara_rules'])
r = requests.post(BASE_DEFENSE_URL + 'register/{}'.format(TEAM_IP_ADDRESS), data=json.dumps(data))
print(r.text)
assert(r.status_code == 200)
assert('succeeded' in r.json()['status'])
Raw
defense
rule TSG_oracle001_0: oracle001
{
meta:
author = "192.168.***.***"
condition:
filesize == 16
}
rule TSG_oracle002_0: oracle002
{
meta:
author = "192.168.***.***"
strings:
$a = "ABCDEFGH"
$b = "IJKLMNOP"
condition:
filesize == 16 and ($a in (0..15) and ($b in (0..15)))
}
rule TSG_oracle003_0: oracle003
{
meta:
author = "192.168.***.***"
strings:
$a = "PNFEVOVT"
$b = "IUMQ"
condition:
filesize == 16 and ($a in (2..9)) and ($b in (12..15))
}
rule TSG_oracle004_0: oracle004
{
meta:
author = "192.168.***.***"
strings:
$a = "ABCDEFGH"
$b = "IJKLMNOP"
condition:
filesize == 16 and ($a in (0..7)) and ($b in (8..15))
}
rule TSG_oracle005_0: oracle005
{
meta:
author = "192.168.***.***"
condition:
filesize == 28
}
rule TSG_oracle006_0: oracle006
{
meta:
author = "192.168.***.***"
condition:
filesize == 16
}
rule TSG_oracle007_0: oracle007
{
meta:
author = "192.168.***.***"
condition:
filesize == 19
}
rule TSG_oracle008_0: oracle008
{
meta:
author = "192.168.***.***"
strings:
$a = "ABCD"
$b = "IJKL"
condition:
filesize == 16 and ($a in (0..3)) and ($b in (4..7))
}
rule TSG_oracle009_0: oracle009
{
meta:
author = "192.168.***.***"
strings:
$a = "NXTD"
$b = "BMQP"
condition:
filesize == 16 and ($a in (12..15)) and ($b in (5..8))
}
rule TSG_oracle010_0: oracle010
{
meta:
author = "192.168.***.***"
strings:
$a = "SBLYQPVL"
$b = "LGFUDCVT"
condition:
filesize == 16 and ($a in (0..15)) and ($b in (0..15))
}
rule TSG_oracle013_0: oracle013
{
meta:
author = "192.168.***.***"
strings:
$a = "UJGXGMQX"
$b = "QQOGMYRY"
condition:
filesize == 16 and ($a in (0..15) and ($b in (0..15)))
}
rule TSG_oracle014_0: oracle014
{
meta:
author = "192.168.***.***"
strings:
$a = "VE"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "JW"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle015_0: oracle015
{
meta:
author = "192.168.***.***"
strings:
$a = "YQ"
$b = "FCDSDWQY"
$c = "OAUG"
$d = "FMWLHBBE"
$e = "JZSFUPYQ"
$f = "JZDRIKYM"
$g = "JWKIYQTU"
$h = "WY"
$i = "CJYLVUWT"
$j = "RMLHPBGQ"
$k = "FYJNABEG"
$l = "CTIFAJVZ"
$m = "PRERYAWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle016_0: oracle016
{
meta:
author = "192.168.***.***"
strings:
$a = "PE"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "LL"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle017_0: oracle017
{
meta:
author = "192.168.***.***"
strings:
$a = "PZ"
$b = "ZEFKPAQM"
$c = "HVPZ"
$d = "IULKCHWE"
$e = "VJFHSZTA"
$f = "TNCFGIJR"
$g = "BRUIFEGC"
$h = "WU"
$i = "GNVYDFTU"
$j = "WTRQJVBD"
$k = "NFMLCBAP"
$l = "CYJRJFIG"
$m = "KSVDFEAQ"
condition:
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14))))
}
rule TSG_oracle018_0: oracle018
{
meta:
author = "192.168.***.***"
strings:
$a = "TZ"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "FG"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle021_0: oracle021
{
meta:
author = "192.168.***.***"
strings:
$a = "QXAJYI"
$b = "YIVQ"
condition:
filesize == 16 and ($a in (0..15) and ($b in (0..15)))
}
rule TSG_oracle022_0: oracle022
{
meta:
author = "192.168.***.***"
strings:
$a = "TY"
$b = "USAKPDYT"
$c = "SBYIAHVZ"
$d = "AJZNSDCG"
$e = "YDBIKGST"
$f = "QEBCMDRT"
$g = "UHFRGIAC"
$h = "SH"
$i = "QCKIUBWH"
$j = "SIEGKTPF"
$k = "ORTKIQVE"
$l = "LJDKOWEA"
$m = "SPAGQNKC"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle024_0: oracle024
{
meta:
author = "192.168.***.***"
strings:
$a = "TY"
$b = "USAKPDYT"
$c = "SBYIAHVZ"
$d = "AJZNSDCG"
$e = "YDBIKGST"
$f = "QEBCMDRT"
$g = "UHFRGIAC"
$h = "QF"
$i = "QCKIUBWH"
$j = "SIEGKTPF"
$k = "ORTKIQVE"
$l = "LJDKOWEA"
$m = "SPAGQNKC"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle026_0: oracle026
{
meta:
author = "192.168.***.***"
strings:
$a = "GU"
$b = "USAKPDYT"
$c = "SBYIAHVZ"
$d = "AJZNSDCG"
$e = "YDBIKGST"
$f = "QEBCMDRT"
$g = "UHFRGIAC"
$h = "QF"
$i = "QCKIUBWH"
$j = "SIEGKTPF"
$k = "ORTKIQVE"
$l = "LJDKOWEA"
$m = "SPAGQNKC"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle028_0: oracle028
{
meta:
author = "192.168.***.***"
strings:
$a = "BS"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "BP"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle029_0: oracle029
{
meta:
author = "192.168.***.***"
strings:
$a = "QB"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "AZ"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle030_0: oracle030
{
meta:
author = "192.168.***.***"
strings:
$a = "QI"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "VX"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle031_0: oracle031
{
meta:
author = "192.168.***.***"
strings:
$a = "OF"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "UQ"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle033_0: oracle033
{
meta:
author = "192.168.***.***"
strings:
$a = "FA"
$b = "ABQMUTSZ"
$c = "TRPQZNHK"
$d = "QBDWGIKF"
$e = "MFBELBIG"
$f = "KCVZSUGJ"
$g = "SKHQTVMB"
$h = "QG"
$i = "NLYZOIHS"
$j = "GTKIBSOR"
$k = "LQCJEASV"
$l = "DEJMZUTC"
$m = "KQVLUGJT"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle035_0: oracle035
{
meta:
author = "192.168.***.***"
strings:
$a = "FI"
$b = "GHSUNAPF"
$c = "INFVDZDJ"
$d = "HJPDBILC"
$e = "RILJKOGM"
$f = "BHRZNAJQ"
$g = "ANBTPVYZ"
$h = "LU"
$i = "HCLZDIRU"
$j = "LRMCUJPH"
$k = "UJFEZMAH"
$l = "GCEBODML"
$m = "SMGUHJYW"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle036_0: oracle036
{
meta:
author = "192.168.***.***"
strings:
$a = "BQ"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "UQ"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle037_0: oracle037
{
meta:
author = "192.168.***.***"
strings:
$a = "BBBBAAAA"
$b = "AAAABBBB"
condition:
filesize == 16 and ($a in (0..15) and ($b in (0..15)))
}
rule TSG_oracle038_0: oracle038
{
meta:
author = "192.168.***.***"
strings:
$a = "VB"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IV"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle039_0: oracle039
{
meta:
author = "192.168.***.***"
strings:
$a = "TS"
$b = "USAKPDYT"
$c = "SBYIAHVZ"
$d = "AJZNSDCG"
$e = "YDBIKGST"
$f = "QEBCMDRT"
$g = "UHFRGIAC"
$h = "MC"
$i = "QCKIUBWH"
$j = "SIEGKTPF"
$k = "ORTKIQVE"
$l = "LJDKOWEA"
$m = "SPAGQNKC"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle040_0: oracle040
{
meta:
author = "192.168.***.***"
strings:
$a = "PI"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "SK"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle041_0: oracle041
{
meta:
author = "192.168.***.***"
strings:
$a = "QB"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "MO"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle043_0: oracle043
{
meta:
author = "192.168.***.***"
strings:
$a = "JZ"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "NO"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle045_0: oracle045
{
meta:
author = "192.168.***.***"
strings:
$a = "BQ"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "GL"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle046_0: oracle046
{
meta:
author = "192.168.***.***"
strings:
$a = "UF"
$b = "FQPLUKGY"
$c = "GPQSRIBA"
$d = "HIMQDABU"
$e = "BFPZWUIQ"
$f = "FKIEHUOV"
$g = "KGMQPJAR"
$h = "IW"
$i = "IVTFAQDO"
$j = "REBVNWJC"
$k = "PGTQAJVB"
$l = "HDFIQWJJ"
$m = "KHVMRQLE"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle047_0: oracle047
{
meta:
author = "192.168.***.***"
strings:
$a = "DL"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "WX"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle048_0: oracle048
{
meta:
author = "192.168.***.***"
strings:
$a = "UF"
$b = "FQPLUKGY"
$c = "GPQSRIBA"
$d = "HIMQDABU"
$e = "BFPZWUIQ"
$f = "FKIEHUOV"
$g = "KGMQPJAR"
$h = "RO"
$i = "IVTFAQDO"
$j = "REBVNWJC"
$k = "PGTQAJVB"
$l = "HDFIQWJJ"
$m = "KHVMRQLE"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle050_0: oracle050
{
meta:
author = "192.168.***.***"
strings:
$a = "UZ"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IE"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle011_0: oracle011
{
meta:
author = "192.168.***.***"
strings:
$a = "RNZPV"
$b = "ULYYYX"
condition:
filesize == 16 and ($a in (2..6) and ($b in (10..15)))
}
rule TSG_oracle049_0: oracle049
{
meta:
author = "192.168.***.***"
strings:
$a = "FTGDOJGVOUTRBI"
condition:
filesize == 16 and ($a in (0..13))
}
rule TSG_oracle044_0: oracle044
{
meta:
author = "192.168.***.***"
condition:
filesize == 7
}
rule TSG_oracle042_0: oracle042
{
meta:
author = "192.168.***.***"
condition:
filesize == 11
}
rule TSG_oracle034_0: oracle034
{
meta:
author = "192.168.***.***"
strings:
$a = "JYMPPRSQJNUKBOPT"
condition:
filesize == 16 and ($a in (0..15))
}
rule TSG_oracle032_0: oracle032
{
meta:
author = "192.168.***.***"
strings:
$a = "GFRJICTUKZHCW"
condition:
filesize == 16 and ($a in (0..12))
}
rule TSG_oracle027_0: oracle027
{
meta:
author = "192.168.***.***"
strings:
$a = "ELKYKNFO"
$b = "OL"
$c = "LTTIRHUX"
$d = "WCWIUUDQ"
condition:
filesize == 16 and ( $a in (0..15) and ($b in (0..15) and ($c in (0..15) or $d in (0..15))))
}
rule TSG_oracle025_0: oracle025
{
meta:
author = "192.168.***.***"
strings:
$a = "PNFEVOVLLHLXNRFF"
condition:
filesize == 16 and ( $a in (0..15) )
}
rule TSG_oracle020_0: oracle020
{
meta:
author = "192.168.***.***"
condition:
filesize == 3
}
rule TSG_oracle019_0: oracle019
{
meta:
author = "192.168.***.***"
condition:
filesize == 9
}
rule TSG_oracle012_0: oracle012
{
meta:
author = "192.168.***.***"
strings:
$a = "XWPTRURXRXGVJWDU"
condition:
filesize == 16 and ( $a in (0..15) )
}
rule TSG_oracle023_0: oracle023
{
meta:
author = "192.168.***.***"
strings:
$a = "JT"
$b = "ML"
$c = "KHIJTTGM"
$d = "LTTIRHUX"
$e = "FAHWTHIQ"
$f = "GAJMGGRA"
$g = "AUMGFPFZ"
$h = "FFHCBVZF"
$i = "AJ"
$j = "UQYBRUTA"
$k = "JHGHRFXD"
$l = "NBZRGFSV"
$m = "KHIJFUFF"
$n = "WWHLDBJE"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (7..15) and ( ($c in (0..7) and $d in (0..15) ) or ($e in (0..15)))) or (($f in (0..15) and $g in (8..15)) or $h in (8..15)))) or ($i in (0..15) and ($j in (0..15) and $k in (8..15))or $l in (8..15) )or ($m in (0..15) and $n in (8..15))))
}
rule TSG_oracle051_0: oracle051
{
meta:
author = "192.168.***.***"
strings:
$a = "PI"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "NO"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle052_0: oracle052
{
meta:
author = "192.168.***.***"
strings:
$a = "RC"
$b = "BVSTFNZP"
$c = "TNFW"
$d = "ZPZLTOAE"
$e = "HEFBTJRC"
$f = "OAWYIQTB"
$g = "VMARCYPU"
$h = "FT"
$i = "NBJPVJIT"
$j = "FJPYMRTQ"
$k = "JAOKFYGP"
$l = "ZCVBPAIQ"
$m = "KRRNDHIL"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle053_0: oracle053
{
meta:
author = "192.168.***.***"
strings:
$a = "HF"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "OX"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle054_0: oracle054
{
meta:
author = "192.168.***.***"
strings:
$a = "DD"
$b = "DFTVAICE"
$c = "FQIELACS"
$d = "BQUHFMID"
$e = "MKNLGHQE"
$f = "OARHBFES"
$g = "JHIVNWOY"
$h = "MP"
$i = "WOJJPINA"
$j = "LGDMKZPQ"
$k = "MHLSTRDW"
$l = "QCRWIOGE"
$m = "SATMCVWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle055_0: oracle055
{
meta:
author = "192.168.***.***"
strings:
$a = "TZ"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "VG"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle056_0: oracle056
{
meta:
author = "192.168.***.***"
strings:
$a = "AL"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "LB"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle057_0: oracle057
{
meta:
author = "192.168.***.***"
strings:
$a = "QI"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "MO"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle058_0: oracle058
{
meta:
author = "192.168.***.***"
strings:
$a = "GR"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "CO"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle059_0: oracle059
{
meta:
author = "192.168.***.***"
strings:
$a = "VB"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IJ"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle060_0: oracle060
{
meta:
author = "192.168.***.***"
strings:
$a = "FU"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "AZ"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle061_0: oracle061
{
meta:
author = "192.168.***.***"
strings:
$a = "FU"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "XR"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle062_0: oracle062
{
meta:
author = "192.168.***.***"
strings:
$a = "FW"
$b = "BVSTFNZP"
$c = "TNFW"
$d = "ZPZLTOAE"
$e = "HEFBTJRC"
$f = "OAWYIQTB"
$g = "VMARCYPU"
$h = "NQ"
$i = "NBJPVJIT"
$j = "FJPYMRTQ"
$k = "JAOKFYGP"
$l = "ZCVBPAIQ"
$m = "KRRNDHIL"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle063_0: oracle063
{
meta:
author = "192.168.***.***"
strings:
$a = "VE"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "LL"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle064_0: oracle064
{
meta:
author = "192.168.***.***"
strings:
$a = "KF"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "BP"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle065_0: oracle065
{
meta:
author = "192.168.***.***"
strings:
$a = "MD"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IJ"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle066_0: oracle066
{
meta:
author = "192.168.***.***"
strings:
$a = "SM"
$b = "DFTVAICE"
$c = "FQIELACS"
$d = "BQUHFMID"
$e = "MKNLGHQE"
$f = "OARHBFES"
$g = "JHIVNWOY"
$h = "WQ"
$i = "WOJJPINA"
$j = "LGDMKZPQ"
$k = "MHLSTRDW"
$l = "QCRWIOGE"
$m = "SATMCVWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle067_0: oracle067
{
meta:
author = "192.168.***.***"
strings:
$a = "VP"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "PS"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle068_0: oracle068
{
meta:
author = "192.168.***.***"
strings:
$a = "DL"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "AY"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle069_0: oracle069
{
meta:
author = "192.168.***.***"
strings:
$a = "HF"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "PS"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle070_0: oracle070
{
meta:
author = "192.168.***.***"
strings:
$a = "TV"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "JJ"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle071_0: oracle071
{
meta:
author = "192.168.***.***"
strings:
$a = "FU"
$b = "BCUAEWDQ"
$c = "IEDPVKSJ"
$d = "NOTLRIWQ"
$e = "UQAELFBY"
$f = "YHJSBNCF"
$g = "VBAJKSOM"
$h = "MO"
$i = "APYCMHUO"
$j = "MWOKNHCZ"
$k = "QTDURYVM"
$l = "VMSERJPI"
$m = "UBYVKSZM"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle072_0: oracle072
{
meta:
author = "192.168.***.***"
strings:
$a = "UG"
$b = "FCDSDWQY"
$c = "OAUG"
$d = "FMWLHBBE"
$e = "JZSFUPYQ"
$f = "JZDRIKYM"
$g = "JWKIYQTU"
$h = "RT"
$i = "CJYLVUWT"
$j = "RMLHPBGQ"
$k = "FYJNABEG"
$l = "CTIFAJVZ"
$m = "PRERYAWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle073_0: oracle073
{
meta:
author = "192.168.***.***"
strings:
$a = "LS"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "GZ"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle074_0: oracle074
{
meta:
author = "192.168.***.***"
strings:
$a = "ED"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "JV"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle075_0: oracle075
{
meta:
author = "192.168.***.***"
strings:
$a = "MD"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "FU"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle076_0: oracle076
{
meta:
author = "192.168.***.***"
strings:
$a = "VE"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "KS"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle077_0: oracle077
{
meta:
author = "192.168.***.***"
strings:
$a = "GR"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "RC"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle078_0: oracle078
{
meta:
author = "192.168.***.***"
strings:
$a = "VP"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "FF"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle079_0: oracle079
{
meta:
author = "192.168.***.***"
strings:
$a = "DL"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "BP"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle080_0: oracle080
{
meta:
author = "192.168.***.***"
strings:
$a = "EG"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "PS"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle081_0: oracle081
{
meta:
author = "192.168.***.***"
strings:
$a = "RA"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "JV"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle082_0: oracle082
{
meta:
author = "192.168.***.***"
strings:
$a = "RA"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "NK"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle083_0: oracle083
{
meta:
author = "192.168.***.***"
strings:
$a = "UZ"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "VR"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle084_0: oracle084
{
meta:
author = "192.168.***.***"
strings:
$a = "JZ"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "UL"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle085_0: oracle085
{
meta:
author = "192.168.***.***"
strings:
$a = "EG"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "CD"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle086_0: oracle086
{
meta:
author = "192.168.***.***"
strings:
$a = "BS"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "PY"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle087_0: oracle087
{
meta:
author = "192.168.***.***"
strings:
$a = "LY"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "RL"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle088_0: oracle088
{
meta:
author = "192.168.***.***"
strings:
$a = "LY"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "CI"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle089_0: oracle089
{
meta:
author = "192.168.***.***"
strings:
$a = "TV"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "FG"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle090_0: oracle090
{
meta:
author = "192.168.***.***"
strings:
$a = "JZ"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "UV"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle091_0: oracle091
{
meta:
author = "192.168.***.***"
strings:
$a = "TV"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "MQ"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle092_0: oracle092
{
meta:
author = "192.168.***.***"
strings:
$a = "MD"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IE"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle093_0: oracle093
{
meta:
author = "192.168.***.***"
strings:
$a = "BQ"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "OH"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle094_0: oracle094
{
meta:
author = "192.168.***.***"
strings:
$a = "QR"
$b = "GHSUNAPF"
$c = "INFVDZDJ"
$d = "HJPDBILC"
$e = "RILJKOGM"
$f = "BHRZNAJQ"
$g = "ANBTPVYZ"
$h = "LU"
$i = "HCLZDIRU"
$j = "LRMCUJPH"
$k = "UJFEZMAH"
$l = "GCEBODML"
$m = "SMGUHJYW"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle095_0: oracle095
{
meta:
author = "192.168.***.***"
strings:
$a = "PC"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "VX"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle096_0: oracle096
{
meta:
author = "192.168.***.***"
strings:
$a = "ED"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "VT"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle097_0: oracle097
{
meta:
author = "192.168.***.***"
strings:
$a = "FW"
$b = "BVSTFNZP"
$c = "TNFW"
$d = "ZPZLTOAE"
$e = "HEFBTJRC"
$f = "OAWYIQTB"
$g = "VMARCYPU"
$h = "FT"
$i = "NBJPVJIT"
$j = "FJPYMRTQ"
$k = "JAOKFYGP"
$l = "ZCVBPAIQ"
$m = "KRRNDHIL"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle098_0: oracle098
{
meta:
author = "192.168.***.***"
strings:
$a = "TZ"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "JJ"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle099_0: oracle099
{
meta:
author = "192.168.***.***"
strings:
$a = "BS"
$b = "KFAWDNJH"
$c = "NBDL"
$d = "GOZTEIKB"
$e = "VGCDNLBS"
$f = "MHRAJNTO"
$g = "BCKAFIGH"
$h = "AY"
$i = "AVHJYMIP"
$j = "BOMTJKUY"
$k = "JNQWPUHL"
$l = "TIGWHURE"
$m = "VYGPQBZF"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle100_0: oracle100
{
meta:
author = "192.168.***.***"
strings:
$a = "TA"
$b = "ZEFKPAQM"
$c = "HVPZ"
$d = "IULKCHWE"
$e = "VJFHSZTA"
$f = "TNCFGIJR"
$g = "BRUIFEGC"
$h = "XU"
$i = "GNVYDFTU"
$j = "WTRQJVBD"
$k = "NFMLCBAP"
$l = "CYJRJFIG"
$m = "KSVDFEAQ"
condition:
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14))))
}
rule TSG_oracle101_0: oracle101
{
meta:
author = "192.168.***.***"
strings:
$a = "OF"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "EP"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle102_0: oracle102
{
meta:
author = "192.168.***.***"
strings:
$a = "VB"
$b = "UZRLPCVE"
$c = "UPMD"
$d = "KOBBJTAL"
$e = "KOQJTUVB"
$f = "VZDYCETP"
$g = "OHGJANBZ"
$h = "IE"
$i = "ISHDMBJE"
$j = "IMYBGZUJ"
$k = "LBFOSKCY"
$l = "EJNPLVHM"
$m = "SKTRRJGO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle103_0: oracle103
{
meta:
author = "192.168.***.***"
strings:
$a = "CG"
$b = "GHSUNAPF"
$c = "INFVDZDJ"
$d = "HJPDBILC"
$e = "RILJKOGM"
$f = "BHRZNAJQ"
$g = "ANBTPVYZ"
$h = "HH"
$i = "HCLZDIRU"
$j = "LRMCUJPH"
$k = "UJFEZMAH"
$l = "GCEBODML"
$m = "SMGUHJYW"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle104_0: oracle104
{
meta:
author = "192.168.***.***"
strings:
$a = "FC"
$b = "FCDSDWQY"
$c = "OAUG"
$d = "FMWLHBBE"
$e = "JZSFUPYQ"
$f = "JZDRIKYM"
$g = "JWKIYQTU"
$h = "RT"
$i = "CJYLVUWT"
$j = "RMLHPBGQ"
$k = "FYJNABEG"
$l = "CTIFAJVZ"
$m = "PRERYAWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle105_0: oracle105
{
meta:
author = "192.168.***.***"
strings:
$a = "CG"
$b = "GHSUNAPF"
$c = "INFVDZDJ"
$d = "HJPDBILC"
$e = "RILJKOGM"
$f = "BHRZNAJQ"
$g = "ANBTPVYZ"
$h = "LU"
$i = "HCLZDIRU"
$j = "LRMCUJPH"
$k = "UJFEZMAH"
$l = "GCEBODML"
$m = "SMGUHJYW"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle106_0: oracle106
{
meta:
author = "192.168.***.***"
strings:
$a = "FW"
$b = "BVSTFNZP"
$c = "TNFW"
$d = "ZPZLTOAE"
$e = "HEFBTJRC"
$f = "OAWYIQTB"
$g = "VMARCYPU"
$h = "ZP"
$i = "NBJPVJIT"
$j = "FJPYMRTQ"
$k = "JAOKFYGP"
$l = "ZCVBPAIQ"
$m = "KRRNDHIL"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle107_0: oracle107
{
meta:
author = "192.168.***.***"
strings:
$a = "MM"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "JV"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle108_0: oracle108
{
meta:
author = "192.168.***.***"
strings:
$a = "YQ"
$b = "FCDSDWQY"
$c = "OAUG"
$d = "FMWLHBBE"
$e = "JZSFUPYQ"
$f = "JZDRIKYM"
$g = "JWKIYQTU"
$h = "CQ"
$i = "CJYLVUWT"
$j = "RMLHPBGQ"
$k = "FYJNABEG"
$l = "CTIFAJVZ"
$m = "PRERYAWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle109_0: oracle109
{
meta:
author = "192.168.***.***"
strings:
$a = "LY"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "UV"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle110_0: oracle110
{
meta:
author = "192.168.***.***"
strings:
$a = "EF"
$b = "DFTVAICE"
$c = "FQIELACS"
$d = "BQUHFMID"
$e = "MKNLGHQE"
$f = "OARHBFES"
$g = "JHIVNWOY"
$h = "LA"
$i = "WOJJPINA"
$j = "LGDMKZPQ"
$k = "MHLSTRDW"
$l = "QCRWIOGE"
$m = "SATMCVWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle111_0: oracle111
{
meta:
author = "192.168.***.***"
strings:
$a = "ZT"
$b = "ABQMUTSZ"
$c = "TRPQZNHK"
$d = "QBDWGIKF"
$e = "MFBELBIG"
$f = "KCVZSUGJ"
$g = "SKHQTVMB"
$h = "GS"
$i = "NLYZOIHS"
$j = "GTKIBSOR"
$k = "LQCJEASV"
$l = "DEJMZUTC"
$m = "KQVLUGJT"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle112_0: oracle112
{
meta:
author = "192.168.***.***"
strings:
$a = "VP"
$b = "EGLVUAMZ"
$c = "RSVP"
$d = "BRZNVDIK"
$e = "ZOUYLIHF"
$f = "FYMTWVEG"
$g = "QIDRMLOC"
$h = "SB"
$i = "FJMIWPAS"
$j = "PENBLOIF"
$k = "RJUISCBV"
$l = "TPNHZRJE"
$m = "RSRYCUZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle113_0: oracle113
{
meta:
author = "192.168.***.***"
strings:
$a = "TA"
$b = "ZEFKPAQM"
$c = "HVPZ"
$d = "IULKCHWE"
$e = "VJFHSZTA"
$f = "TNCFGIJR"
$g = "BRUIFEGC"
$h = "GD"
$i = "GNVYDFTU"
$j = "WTRQJVBD"
$k = "NFMLCBAP"
$l = "CYJRJFIG"
$m = "KSVDFEAQ"
condition:
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14))))
}
rule TSG_oracle114_0: oracle114
{
meta:
author = "192.168.***.***"
strings:
$a = "LS"
$b = "ZYFNHUSL"
$c = "SRIVTGOA"
$d = "ZADBCTSJ"
$e = "YUSRELIB"
$f = "EZPDCKBL"
$g = "TGYJVPSK"
$h = "UV"
$i = "RJNIULWV"
$j = "UFAMZOWL"
$k = "MSFUGTYB"
$l = "LSKZROTD"
$m = "YRPVFSZL"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle115_0: oracle115
{
meta:
author = "192.168.***.***"
strings:
$a = "JM"
$b = "ABQMUTSZ"
$c = "TRPQZNHK"
$d = "QBDWGIKF"
$e = "MFBELBIG"
$f = "KCVZSUGJ"
$g = "SKHQTVMB"
$h = "XZ"
$i = "NLYZOIHS"
$j = "GTKIBSOR"
$k = "LQCJEASV"
$l = "DEJMZUTC"
$m = "KQVLUGJT"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle116_0: oracle116
{
meta:
author = "192.168.***.***"
strings:
$a = "UZ"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "NO"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle117_0: oracle117
{
meta:
author = "192.168.***.***"
strings:
$a = "LR"
$b = "LRGQHCMD"
$c = "LJBQ"
$d = "MDCWZYRT"
$e = "IMHPUVOF"
$f = "WYIVLUTP"
$g = "RDANPTKW"
$h = "PK"
$i = "UAVSKCJL"
$j = "GMSVYRBQ"
$k = "JETZWKMG"
$l = "SKADIZLR"
$m = "YCOHLJUB"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle118_0: oracle118
{
meta:
author = "192.168.***.***"
strings:
$a = "UG"
$b = "FCDSDWQY"
$c = "OAUG"
$d = "FMWLHBBE"
$e = "JZSFUPYQ"
$f = "JZDRIKYM"
$g = "JWKIYQTU"
$h = "CT"
$i = "CJYLVUWT"
$j = "RMLHPBGQ"
$k = "FYJNABEG"
$l = "CTIFAJVZ"
$m = "PRERYAWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle119_0: oracle119
{
meta:
author = "192.168.***.***"
strings:
$a = "SM"
$b = "DFTVAICE"
$c = "FQIELACS"
$d = "BQUHFMID"
$e = "MKNLGHQE"
$f = "OARHBFES"
$g = "JHIVNWOY"
$h = "XN"
$i = "WOJJPINA"
$j = "LGDMKZPQ"
$k = "MHLSTRDW"
$l = "QCRWIOGE"
$m = "SATMCVWQ"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle120_0: oracle120
{
meta:
author = "192.168.***.***"
strings:
$a = "MM"
$b = "MOVLGPZE"
$c = "DYTUGPRM"
$d = "GUNAPIQM"
$e = "AMUFHSDK"
$f = "GYTKBZWR"
$g = "CNQMRLTU"
$h = "PT"
$i = "PQLCYSUV"
$j = "JZMIPFQT"
$k = "JOWNJZTR"
$l = "UCOLNREV"
$m = "DFTHRCUN"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle121_0: oracle121
{
meta:
author = "192.168.***.***"
strings:
$a = "UZ"
$b = "ZJWKHCRP"
$c = "ILHAWDEJ"
$d = "SBWYKPAU"
$e = "ZLCBBQIR"
$f = "LBKRSADJ"
$g = "DVWHJLFK"
$h = "UM"
$i = "UCRFGPNO"
$j = "NVCOJPHM"
$k = "SQFTJKNE"
$l = "QHESMGLA"
$m = "DJRLBQPO"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle122_0: oracle122
{
meta:
author = "192.168.***.***"
strings:
$a = "QR"
$b = "GHSUNAPF"
$c = "INFVDZDJ"
$d = "HJPDBILC"
$e = "RILJKOGM"
$f = "BHRZNAJQ"
$g = "ANBTPVYZ"
$h = "OA"
$i = "HCLZDIRU"
$j = "LRMCUJPH"
$k = "UJFEZMAH"
$l = "GCEBODML"
$m = "SMGUHJYW"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle123_0: oracle123
{
meta:
author = "192.168.***.***"
strings:
$a = "DL"
$b = "DLRTEIJU"
$c = "MHTV"
$d = "NUMYRKQJ"
$e = "IKYOBPTZ"
$f = "BFCYRAVT"
$g = "EZBIRATU"
$h = "CP"
$i = "JOSQWAKG"
$j = "FJEYDNMJ"
$k = "PJUYBSAM"
$l = "YMKHUTZN"
$m = "IDRPGUMV"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle124_0: oracle124
{
meta:
author = "192.168.***.***"
strings:
$a = "GR"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "LB"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle125_0: oracle125
{
meta:
author = "192.168.***.***"
strings:
$a = "FA"
$b = "ABQMUTSZ"
$c = "TRPQZNHK"
$d = "QBDWGIKF"
$e = "MFBELBIG"
$f = "KCVZSUGJ"
$g = "SKHQTVMB"
$h = "NR"
$i = "NLYZOIHS"
$j = "GTKIBSOR"
$k = "LQCJEASV"
$l = "DEJMZUTC"
$m = "KQVLUGJT"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle126_0: oracle126
{
meta:
author = "192.168.***.***"
strings:
$a = "PE"
$b = "PCWQGOMT"
$c = "JOPE"
$d = "IUFBKTAN"
$e = "AKSYJFVE"
$f = "HQOVWKBF"
$g = "NQWDASYO"
$h = "YO"
$i = "JRMQETOL"
$j = "LPOUMEIW"
$k = "JVNEACIM"
$l = "FRUYJNTQ"
$m = "IRDMHJZW"
condition:
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16))))
}
rule TSG_oracle127_0: oracle127
{
meta:
author = "192.168.***.***"
strings:
$a = "AL"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "NY"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle128_0: oracle128
{
meta:
author = "192.168.***.***"
strings:
$a = "BV"
$b = "BVSTFNZP"
$c = "TNFW"
$d = "ZPZLTOAE"
$e = "HEFBTJRC"
$f = "OAWYIQTB"
$g = "VMARCYPU"
$h = "VO"
$i = "NBJPVJIT"
$j = "FJPYMRTQ"
$k = "JAOKFYGP"
$l = "ZCVBPAIQ"
$m = "KRRNDHIL"
condition:
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle129_0: oracle129
{
meta:
author = "192.168.***.***"
strings:
$a = "UF"
$b = "FQPLUKGY"
$c = "GPQSRIBA"
$d = "HIMQDABU"
$e = "BFPZWUIQ"
$f = "FKIEHUOV"
$g = "KGMQPJAR"
$h = "IC"
$i = "IVTFAQDO"
$j = "REBVNWJC"
$k = "PGTQAJVB"
$l = "HDFIQWJJ"
$m = "KHVMRQLE"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
rule TSG_oracle130_0: oracle130
{
meta:
author = "192.168.***.***"
strings:
$a = "BK"
$b = "ALMZDHWD"
$c = "CNBVSTGR"
$d = "WDLOQAVU"
$e = "OSPVHMBK"
$f = "VFGQYZST"
$g = "EWNAMBYO"
$h = "RC"
$i = "RLNMSHQB"
$j = "LIKTZURC"
$k = "IARYTEZB"
$l = "IJBRPHQJ"
$m = "BIVROLQH"
condition:
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15))))
}
Raw
validate.py
import yara
# attacks
data = []
data.append({'oracle_name': 'oracle001', 'input': 'AAAAAAAAAAAAAAAA'})
data.append({'oracle_name': 'oracle002', 'input': 'ABCDEFGHIJKLMNOP'})
data.append({'oracle_name': 'oracle003', 'input': 'AAPNFEVOVTAAIUMQ'})
data.append({'oracle_name': 'oracle004', 'input': 'ABCDEFGHIJKLMNOP'})
data.append({'oracle_name': 'oracle005', 'input': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAA'})
data.append({'oracle_name': 'oracle006', 'input': 'AAAAAAAAAAAAAAAA'})
data.append({'oracle_name': 'oracle007', 'input': 'AAAAAAAAAAAAAAAAAAA'})
data.append({'oracle_name': 'oracle008', 'input': 'ABCDIJKLAAAAAAAA'})
data.append({'oracle_name': 'oracle009', 'input': 'AAAAABMQPAAANXTD'})
data.append({'oracle_name': 'oracle010', 'input': 'SBLYQPVLLGFUDCVT'})
data.append({'oracle_name': 'oracle011', 'input': 'AARNZPVAAAULYYYX'})
data.append({'oracle_name': 'oracle012', 'input': 'XWPTRURXRXGVJWDU'})
data.append({'oracle_name': 'oracle013', 'input': 'UJGXGMQXQQOGMYRY'})
data.append({'oracle_name': 'oracle014', 'input': 'VEPCWQGOMTJOPEAAA'})
data.append({'oracle_name': 'oracle015', 'input': 'YQFCDSDWQYOAUGAA'})
data.append({'oracle_name': 'oracle016', 'input': 'PEPCWQGOMTJOPEAAA'})
data.append({'oracle_name': 'oracle017', 'input': 'ZEFKPAQMHVHVPZA'})
data.append({'oracle_name': 'oracle018', 'input': 'TZDLRTEIJUMHTVAA'})
data.append({'oracle_name': 'oracle019', 'input': 'AAAAAAAAA'})
data.append({'oracle_name': 'oracle020', 'input': 'AAA'})
data.append({'oracle_name': 'oracle021', 'input': 'QXAJYIYIVQAAAAAA'})
data.append({'oracle_name': 'oracle022', 'input': 'LJDKOWEASPAGQNKCA'})
data.append({'oracle_name': 'oracle023', 'input': 'UQYBRUTAJHGHRFXD'})
data.append({'oracle_name': 'oracle024', 'input': 'LJDKOWEASPAGQNKCA'})
data.append({'oracle_name': 'oracle025', 'input': 'PNFEVOVLLHLXNRFF'})
data.append({'oracle_name': 'oracle026', 'input': 'LJDKOWEASPAGQNKCA'})
data.append({'oracle_name': 'oracle027', 'input': 'ELKYKNFOLTTIRHUX'})
data.append({'oracle_name': 'oracle028', 'input': 'TIGWHUREVYGPQBZFA'})
data.append({'oracle_name': 'oracle029', 'input': 'BCUAEWDQBIEDPVKSJ'})
data.append({'oracle_name': 'oracle030', 'input': 'BCUAEWDQIEDPVKSJA'})
data.append({'oracle_name': 'oracle031', 'input': 'SKADIZLRYCOHLJUB'})
data.append({'oracle_name': 'oracle032', 'input': 'GFRJICTUKZHCWAAA'})
data.append({'oracle_name': 'oracle033', 'input': 'QBDWGIKFABQMUTSZ'})
data.append({'oracle_name': 'oracle034', 'input': 'JYMPPRSQJNUKBOPT'})
data.append({'oracle_name': 'oracle035', 'input': 'GCEBODMLSMGUHJYW'})
data.append({'oracle_name': 'oracle036', 'input': 'SKADIZLRYCOHLJUB'})
data.append({'oracle_name': 'oracle037', 'input': 'BBBBAAAAAAAABBBB'})
data.append({'oracle_name': 'oracle038', 'input': 'EJNPLVHMSKTRRJGO'})
data.append({'oracle_name': 'oracle039', 'input': 'LJDKOWEASPAGQNKCA'})
data.append({'oracle_name': 'oracle040', 'input': 'QHESMGLADJRLBQPO'})
data.append({'oracle_name': 'oracle041', 'input': 'VMSERJPIUBYVKSZMA'})
data.append({'oracle_name': 'oracle042', 'input': 'AAAAAAAAAAA'})
data.append({'oracle_name': 'oracle043', 'input': 'QHESMGLADJRLBQPO'})
data.append({'oracle_name': 'oracle044', 'input': 'AAAAAAA'})
data.append({'oracle_name': 'oracle045', 'input': 'SKADIZLRYCOHLJUB'})
data.append({'oracle_name': 'oracle046', 'input': 'HDFIQWJJKHVMRQLEA'})
data.append({'oracle_name': 'oracle047', 'input': 'TIGWHUREVYGPQBZFA'})
data.append({'oracle_name': 'oracle048', 'input': 'HDFIQWJJKHVMRQLEA'})
data.append({'oracle_name': 'oracle049', 'input': 'FTGDOJGVOUTRBIAA'})
data.append({'oracle_name': 'oracle050', 'input': 'EJNPLVHMSKTRRJGO'})
data.append({'oracle_name': 'oracle051', 'input': 'DJRLBQPOQHESMGLA'})
data.append({'oracle_name': 'oracle052', 'input': 'KRRNDHILZCVBPAIQ'})
data.append({'oracle_name': 'oracle053', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle054', 'input': 'SATMCVWQQCRWIOGE'})
data.append({'oracle_name': 'oracle055', 'input': 'IKYOBPTZBFCYRAVT'})
data.append({'oracle_name': 'oracle056', 'input': 'BIVROLQHIJBRPHQJA'})
data.append({'oracle_name': 'oracle057', 'input': 'UBYVKSZMVMSERJPIA'})
data.append({'oracle_name': 'oracle058', 'input': 'BIVROLQHIJBRPHQJA'})
data.append({'oracle_name': 'oracle059', 'input': 'SKTRRJGOEJNPLVHM'})
data.append({'oracle_name': 'oracle060', 'input': 'UBYVKSZMVMSERJPIA'})
data.append({'oracle_name': 'oracle061', 'input': 'UBYVKSZMVMSERJPIA'})
data.append({'oracle_name': 'oracle062', 'input': 'KRRNDHILZCVBPAIQ'})
data.append({'oracle_name': 'oracle063', 'input': 'IRDMHJZWFRUYJNTQA'})
data.append({'oracle_name': 'oracle064', 'input': 'VYGPQBZFTIGWHUREA'})
data.append({'oracle_name': 'oracle065', 'input': 'SKTRRJGOEJNPLVHM'})
data.append({'oracle_name': 'oracle066', 'input': 'OARHBFESMKNLGHQE'})
data.append({'oracle_name': 'oracle067', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle068', 'input': 'VYGPQBZFTIGWHUREA'})
data.append({'oracle_name': 'oracle069', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle070', 'input': 'IDRPGUMVYMKHUTZN'})
data.append({'oracle_name': 'oracle071', 'input': 'UBYVKSZMVMSERJPIA'})
data.append({'oracle_name': 'oracle072', 'input': 'PRERYAWQCTIFAJVZ'})
data.append({'oracle_name': 'oracle073', 'input': 'ZYFNHUSLSRIVTGOAA'})
data.append({'oracle_name': 'oracle074', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle075', 'input': 'SKTRRJGOEJNPLVHM'})
data.append({'oracle_name': 'oracle076', 'input': 'IRDMHJZWFRUYJNTQA'})
data.append({'oracle_name': 'oracle077', 'input': 'BIVROLQHIJBRPHQJA'})
data.append({'oracle_name': 'oracle078', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle079', 'input': 'VYGPQBZFTIGWHUREA'})
data.append({'oracle_name': 'oracle080', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle081', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle082', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle083', 'input': 'DJRLBQPOQHESMGLA'})
data.append({'oracle_name': 'oracle084', 'input': 'YRPVFSZLLSKZROTDA'})
data.append({'oracle_name': 'oracle085', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle086', 'input': 'VYGPQBZFTIGWHUREA'})
data.append({'oracle_name': 'oracle087', 'input': 'YRPVFSZLLSKZROTDA'})
data.append({'oracle_name': 'oracle088', 'input': 'YRPVFSZLLSKZROTDA'})
data.append({'oracle_name': 'oracle089', 'input': 'IDRPGUMVYMKHUTZN'})
data.append({'oracle_name': 'oracle090', 'input': 'YRPVFSZLLSKZROTDA'})
data.append({'oracle_name': 'oracle091', 'input': 'IDRPGUMVYMKHUTZN'})
data.append({'oracle_name': 'oracle092', 'input': 'SKTRRJGOEJNPLVHM'})
data.append({'oracle_name': 'oracle093', 'input': 'LRGQHCMDLJBQAAAA'})
data.append({'oracle_name': 'oracle094', 'input': 'SMGUHJYWGCEBODML'})
data.append({'oracle_name': 'oracle095', 'input': 'IRDMHJZWFRUYJNTQA'})
data.append({'oracle_name': 'oracle096', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle097', 'input': 'KRRNDHILZCVBPAIQ'})
data.append({'oracle_name': 'oracle098', 'input': 'IKYOBPTZBFCYRAVT'})
data.append({'oracle_name': 'oracle100', 'input': 'ZEFKPAQMHVPZTAA'})
data.append({'oracle_name': 'oracle099', 'input': 'VYGPQBZFTIGWHUREA'})
data.append({'oracle_name': 'oracle101', 'input': 'YCOHLJUBSKADIZLR'})
data.append({'oracle_name': 'oracle102', 'input': 'SKTRRJGOEJNPLVHM'})
data.append({'oracle_name': 'oracle103', 'input': 'SMGUHJYWGCEBODML'})
data.append({'oracle_name': 'oracle104', 'input': 'PRERYAWQCTIFAJVZ'})
data.append({'oracle_name': 'oracle105', 'input': 'SMGUHJYWGCEBODML'})
data.append({'oracle_name': 'oracle106', 'input': 'KRRNDHILZCVBPAIQ'})
data.append({'oracle_name': 'oracle107', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle108', 'input': 'PRERYAWQCTIFAJVZ'})
data.append({'oracle_name': 'oracle109', 'input': 'YRPVFSZLLSKZROTDA'})
data.append({'oracle_name': 'oracle110', 'input': 'SATMCVWQQCRWIOGE'})
data.append({'oracle_name': 'oracle111', 'input': 'KQVLUGJTDEJMZUTC'})
data.append({'oracle_name': 'oracle112', 'input': 'RSRYCUZLTPNHZRJEA'})
data.append({'oracle_name': 'oracle113', 'input': 'ZEFKPAQMHVPZTAA'})
data.append({'oracle_name': 'oracle114', 'input': 'ZYFNHUSLSRIVTGOAA'})
data.append({'oracle_name': 'oracle115', 'input': 'KCVZSUGJMFBELBIG'})
data.append({'oracle_name': 'oracle116', 'input': 'DJRLBQPOQHESMGLA'})
data.append({'oracle_name': 'oracle117', 'input': 'LRGQHCMDLJBQAAAA'})
data.append({'oracle_name': 'oracle118', 'input': 'FCDSDWQYOAUGAAAA'})
data.append({'oracle_name': 'oracle119', 'input': 'SATMCVWQQCRWIOGE'})
data.append({'oracle_name': 'oracle120', 'input': 'DFTHRCUNUCOLNREV'})
data.append({'oracle_name': 'oracle121', 'input': 'DJRLBQPOQHESMGLA'})
data.append({'oracle_name': 'oracle122', 'input': 'SMGUHJYWGCEBODML'})
data.append({'oracle_name': 'oracle123', 'input': 'IDRPGUMVYMKHUTZN'})
data.append({'oracle_name': 'oracle124', 'input': 'BIVROLQHIJBRPHQJA'})
data.append({'oracle_name': 'oracle125', 'input': 'KQVLUGJTDEJMZUTC'})
data.append({'oracle_name': 'oracle126', 'input': 'IRDMHJZWFRUYJNTQA'})
data.append({'oracle_name': 'oracle127', 'input': 'BIVROLQHIJBRPHQJA'})
data.append({'oracle_name': 'oracle128', 'input': 'KRRNDHILZCVBPAIQ'})
data.append({'oracle_name': 'oracle129', 'input': 'KHVMRQLEHDFIQWJJA'})
data.append({'oracle_name': 'oracle130', 'input': 'BIVROLQHIJBRPHQJA'})
rules = yara.compile('./defense')
for e in data:
maches = rules.match(data=e['input'])
if not e['oracle_name'] in str(maches):
print(e['oracle_name'])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment