Created
December 23, 2018 14:18
-
-
Save taiyoslime/942d200f96593df9ecfb823112886f2c to your computer and use it in GitHub Desktop.
defense scripts of server-1(壱) in SECCON CTF 2018 International
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import json | |
BASE_URL = "http://172.24.0.11/" | |
BASE_DEFENSE_URL = BASE_URL + "defense/" | |
TEAM_NAME = "TSG" | |
TEAM_IP_ADDRESS = "192.168.***.***" | |
with open("defense", "r") as f: | |
payload = f.read() | |
data = {'yara_rules': payload} | |
print(data['yara_rules']) | |
r = requests.post(BASE_DEFENSE_URL + 'register/{}'.format(TEAM_IP_ADDRESS), data=json.dumps(data)) | |
print(r.text) | |
assert(r.status_code == 200) | |
assert('succeeded' in r.json()['status']) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule TSG_oracle001_0: oracle001 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 16 | |
} | |
rule TSG_oracle002_0: oracle002 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ABCDEFGH" | |
$b = "IJKLMNOP" | |
condition: | |
filesize == 16 and ($a in (0..15) and ($b in (0..15))) | |
} | |
rule TSG_oracle003_0: oracle003 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PNFEVOVT" | |
$b = "IUMQ" | |
condition: | |
filesize == 16 and ($a in (2..9)) and ($b in (12..15)) | |
} | |
rule TSG_oracle004_0: oracle004 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ABCDEFGH" | |
$b = "IJKLMNOP" | |
condition: | |
filesize == 16 and ($a in (0..7)) and ($b in (8..15)) | |
} | |
rule TSG_oracle005_0: oracle005 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 28 | |
} | |
rule TSG_oracle006_0: oracle006 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 16 | |
} | |
rule TSG_oracle007_0: oracle007 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 19 | |
} | |
rule TSG_oracle008_0: oracle008 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ABCD" | |
$b = "IJKL" | |
condition: | |
filesize == 16 and ($a in (0..3)) and ($b in (4..7)) | |
} | |
rule TSG_oracle009_0: oracle009 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "NXTD" | |
$b = "BMQP" | |
condition: | |
filesize == 16 and ($a in (12..15)) and ($b in (5..8)) | |
} | |
rule TSG_oracle010_0: oracle010 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "SBLYQPVL" | |
$b = "LGFUDCVT" | |
condition: | |
filesize == 16 and ($a in (0..15)) and ($b in (0..15)) | |
} | |
rule TSG_oracle013_0: oracle013 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UJGXGMQX" | |
$b = "QQOGMYRY" | |
condition: | |
filesize == 16 and ($a in (0..15) and ($b in (0..15))) | |
} | |
rule TSG_oracle014_0: oracle014 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VE" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "JW" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle015_0: oracle015 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "YQ" | |
$b = "FCDSDWQY" | |
$c = "OAUG" | |
$d = "FMWLHBBE" | |
$e = "JZSFUPYQ" | |
$f = "JZDRIKYM" | |
$g = "JWKIYQTU" | |
$h = "WY" | |
$i = "CJYLVUWT" | |
$j = "RMLHPBGQ" | |
$k = "FYJNABEG" | |
$l = "CTIFAJVZ" | |
$m = "PRERYAWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle016_0: oracle016 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PE" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "LL" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle017_0: oracle017 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PZ" | |
$b = "ZEFKPAQM" | |
$c = "HVPZ" | |
$d = "IULKCHWE" | |
$e = "VJFHSZTA" | |
$f = "TNCFGIJR" | |
$g = "BRUIFEGC" | |
$h = "WU" | |
$i = "GNVYDFTU" | |
$j = "WTRQJVBD" | |
$k = "NFMLCBAP" | |
$l = "CYJRJFIG" | |
$m = "KSVDFEAQ" | |
condition: | |
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14)))) | |
} | |
rule TSG_oracle018_0: oracle018 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TZ" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "FG" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle021_0: oracle021 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QXAJYI" | |
$b = "YIVQ" | |
condition: | |
filesize == 16 and ($a in (0..15) and ($b in (0..15))) | |
} | |
rule TSG_oracle022_0: oracle022 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TY" | |
$b = "USAKPDYT" | |
$c = "SBYIAHVZ" | |
$d = "AJZNSDCG" | |
$e = "YDBIKGST" | |
$f = "QEBCMDRT" | |
$g = "UHFRGIAC" | |
$h = "SH" | |
$i = "QCKIUBWH" | |
$j = "SIEGKTPF" | |
$k = "ORTKIQVE" | |
$l = "LJDKOWEA" | |
$m = "SPAGQNKC" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle024_0: oracle024 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TY" | |
$b = "USAKPDYT" | |
$c = "SBYIAHVZ" | |
$d = "AJZNSDCG" | |
$e = "YDBIKGST" | |
$f = "QEBCMDRT" | |
$g = "UHFRGIAC" | |
$h = "QF" | |
$i = "QCKIUBWH" | |
$j = "SIEGKTPF" | |
$k = "ORTKIQVE" | |
$l = "LJDKOWEA" | |
$m = "SPAGQNKC" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle026_0: oracle026 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "GU" | |
$b = "USAKPDYT" | |
$c = "SBYIAHVZ" | |
$d = "AJZNSDCG" | |
$e = "YDBIKGST" | |
$f = "QEBCMDRT" | |
$g = "UHFRGIAC" | |
$h = "QF" | |
$i = "QCKIUBWH" | |
$j = "SIEGKTPF" | |
$k = "ORTKIQVE" | |
$l = "LJDKOWEA" | |
$m = "SPAGQNKC" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle028_0: oracle028 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BS" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "BP" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle029_0: oracle029 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QB" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "AZ" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle030_0: oracle030 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QI" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "VX" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle031_0: oracle031 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "OF" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "UQ" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle033_0: oracle033 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FA" | |
$b = "ABQMUTSZ" | |
$c = "TRPQZNHK" | |
$d = "QBDWGIKF" | |
$e = "MFBELBIG" | |
$f = "KCVZSUGJ" | |
$g = "SKHQTVMB" | |
$h = "QG" | |
$i = "NLYZOIHS" | |
$j = "GTKIBSOR" | |
$k = "LQCJEASV" | |
$l = "DEJMZUTC" | |
$m = "KQVLUGJT" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle035_0: oracle035 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FI" | |
$b = "GHSUNAPF" | |
$c = "INFVDZDJ" | |
$d = "HJPDBILC" | |
$e = "RILJKOGM" | |
$f = "BHRZNAJQ" | |
$g = "ANBTPVYZ" | |
$h = "LU" | |
$i = "HCLZDIRU" | |
$j = "LRMCUJPH" | |
$k = "UJFEZMAH" | |
$l = "GCEBODML" | |
$m = "SMGUHJYW" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle036_0: oracle036 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BQ" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "UQ" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle037_0: oracle037 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BBBBAAAA" | |
$b = "AAAABBBB" | |
condition: | |
filesize == 16 and ($a in (0..15) and ($b in (0..15))) | |
} | |
rule TSG_oracle038_0: oracle038 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VB" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IV" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle039_0: oracle039 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TS" | |
$b = "USAKPDYT" | |
$c = "SBYIAHVZ" | |
$d = "AJZNSDCG" | |
$e = "YDBIKGST" | |
$f = "QEBCMDRT" | |
$g = "UHFRGIAC" | |
$h = "MC" | |
$i = "QCKIUBWH" | |
$j = "SIEGKTPF" | |
$k = "ORTKIQVE" | |
$l = "LJDKOWEA" | |
$m = "SPAGQNKC" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle040_0: oracle040 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PI" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "SK" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle041_0: oracle041 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QB" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "MO" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle043_0: oracle043 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JZ" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "NO" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle045_0: oracle045 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BQ" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "GL" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle046_0: oracle046 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UF" | |
$b = "FQPLUKGY" | |
$c = "GPQSRIBA" | |
$d = "HIMQDABU" | |
$e = "BFPZWUIQ" | |
$f = "FKIEHUOV" | |
$g = "KGMQPJAR" | |
$h = "IW" | |
$i = "IVTFAQDO" | |
$j = "REBVNWJC" | |
$k = "PGTQAJVB" | |
$l = "HDFIQWJJ" | |
$m = "KHVMRQLE" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle047_0: oracle047 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "DL" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "WX" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle048_0: oracle048 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UF" | |
$b = "FQPLUKGY" | |
$c = "GPQSRIBA" | |
$d = "HIMQDABU" | |
$e = "BFPZWUIQ" | |
$f = "FKIEHUOV" | |
$g = "KGMQPJAR" | |
$h = "RO" | |
$i = "IVTFAQDO" | |
$j = "REBVNWJC" | |
$k = "PGTQAJVB" | |
$l = "HDFIQWJJ" | |
$m = "KHVMRQLE" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle050_0: oracle050 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UZ" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IE" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle011_0: oracle011 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "RNZPV" | |
$b = "ULYYYX" | |
condition: | |
filesize == 16 and ($a in (2..6) and ($b in (10..15))) | |
} | |
rule TSG_oracle049_0: oracle049 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FTGDOJGVOUTRBI" | |
condition: | |
filesize == 16 and ($a in (0..13)) | |
} | |
rule TSG_oracle044_0: oracle044 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 7 | |
} | |
rule TSG_oracle042_0: oracle042 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 11 | |
} | |
rule TSG_oracle034_0: oracle034 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JYMPPRSQJNUKBOPT" | |
condition: | |
filesize == 16 and ($a in (0..15)) | |
} | |
rule TSG_oracle032_0: oracle032 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "GFRJICTUKZHCW" | |
condition: | |
filesize == 16 and ($a in (0..12)) | |
} | |
rule TSG_oracle027_0: oracle027 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ELKYKNFO" | |
$b = "OL" | |
$c = "LTTIRHUX" | |
$d = "WCWIUUDQ" | |
condition: | |
filesize == 16 and ( $a in (0..15) and ($b in (0..15) and ($c in (0..15) or $d in (0..15)))) | |
} | |
rule TSG_oracle025_0: oracle025 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PNFEVOVLLHLXNRFF" | |
condition: | |
filesize == 16 and ( $a in (0..15) ) | |
} | |
rule TSG_oracle020_0: oracle020 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 3 | |
} | |
rule TSG_oracle019_0: oracle019 | |
{ | |
meta: | |
author = "192.168.***.***" | |
condition: | |
filesize == 9 | |
} | |
rule TSG_oracle012_0: oracle012 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "XWPTRURXRXGVJWDU" | |
condition: | |
filesize == 16 and ( $a in (0..15) ) | |
} | |
rule TSG_oracle023_0: oracle023 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JT" | |
$b = "ML" | |
$c = "KHIJTTGM" | |
$d = "LTTIRHUX" | |
$e = "FAHWTHIQ" | |
$f = "GAJMGGRA" | |
$g = "AUMGFPFZ" | |
$h = "FFHCBVZF" | |
$i = "AJ" | |
$j = "UQYBRUTA" | |
$k = "JHGHRFXD" | |
$l = "NBZRGFSV" | |
$m = "KHIJFUFF" | |
$n = "WWHLDBJE" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (7..15) and ( ($c in (0..7) and $d in (0..15) ) or ($e in (0..15)))) or (($f in (0..15) and $g in (8..15)) or $h in (8..15)))) or ($i in (0..15) and ($j in (0..15) and $k in (8..15))or $l in (8..15) )or ($m in (0..15) and $n in (8..15)))) | |
} | |
rule TSG_oracle051_0: oracle051 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PI" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "NO" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle052_0: oracle052 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "RC" | |
$b = "BVSTFNZP" | |
$c = "TNFW" | |
$d = "ZPZLTOAE" | |
$e = "HEFBTJRC" | |
$f = "OAWYIQTB" | |
$g = "VMARCYPU" | |
$h = "FT" | |
$i = "NBJPVJIT" | |
$j = "FJPYMRTQ" | |
$k = "JAOKFYGP" | |
$l = "ZCVBPAIQ" | |
$m = "KRRNDHIL" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle053_0: oracle053 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "HF" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "OX" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle054_0: oracle054 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "DD" | |
$b = "DFTVAICE" | |
$c = "FQIELACS" | |
$d = "BQUHFMID" | |
$e = "MKNLGHQE" | |
$f = "OARHBFES" | |
$g = "JHIVNWOY" | |
$h = "MP" | |
$i = "WOJJPINA" | |
$j = "LGDMKZPQ" | |
$k = "MHLSTRDW" | |
$l = "QCRWIOGE" | |
$m = "SATMCVWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle055_0: oracle055 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TZ" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "VG" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle056_0: oracle056 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "AL" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "LB" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle057_0: oracle057 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QI" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "MO" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle058_0: oracle058 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "GR" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "CO" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle059_0: oracle059 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VB" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IJ" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle060_0: oracle060 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FU" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "AZ" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle061_0: oracle061 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FU" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "XR" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle062_0: oracle062 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FW" | |
$b = "BVSTFNZP" | |
$c = "TNFW" | |
$d = "ZPZLTOAE" | |
$e = "HEFBTJRC" | |
$f = "OAWYIQTB" | |
$g = "VMARCYPU" | |
$h = "NQ" | |
$i = "NBJPVJIT" | |
$j = "FJPYMRTQ" | |
$k = "JAOKFYGP" | |
$l = "ZCVBPAIQ" | |
$m = "KRRNDHIL" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle063_0: oracle063 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VE" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "LL" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle064_0: oracle064 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "KF" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "BP" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle065_0: oracle065 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "MD" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IJ" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle066_0: oracle066 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "SM" | |
$b = "DFTVAICE" | |
$c = "FQIELACS" | |
$d = "BQUHFMID" | |
$e = "MKNLGHQE" | |
$f = "OARHBFES" | |
$g = "JHIVNWOY" | |
$h = "WQ" | |
$i = "WOJJPINA" | |
$j = "LGDMKZPQ" | |
$k = "MHLSTRDW" | |
$l = "QCRWIOGE" | |
$m = "SATMCVWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle067_0: oracle067 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VP" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "PS" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle068_0: oracle068 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "DL" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "AY" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle069_0: oracle069 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "HF" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "PS" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle070_0: oracle070 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TV" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "JJ" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle071_0: oracle071 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FU" | |
$b = "BCUAEWDQ" | |
$c = "IEDPVKSJ" | |
$d = "NOTLRIWQ" | |
$e = "UQAELFBY" | |
$f = "YHJSBNCF" | |
$g = "VBAJKSOM" | |
$h = "MO" | |
$i = "APYCMHUO" | |
$j = "MWOKNHCZ" | |
$k = "QTDURYVM" | |
$l = "VMSERJPI" | |
$m = "UBYVKSZM" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (0..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle072_0: oracle072 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UG" | |
$b = "FCDSDWQY" | |
$c = "OAUG" | |
$d = "FMWLHBBE" | |
$e = "JZSFUPYQ" | |
$f = "JZDRIKYM" | |
$g = "JWKIYQTU" | |
$h = "RT" | |
$i = "CJYLVUWT" | |
$j = "RMLHPBGQ" | |
$k = "FYJNABEG" | |
$l = "CTIFAJVZ" | |
$m = "PRERYAWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle073_0: oracle073 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LS" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "GZ" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle074_0: oracle074 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ED" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "JV" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle075_0: oracle075 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "MD" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "FU" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle076_0: oracle076 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VE" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "KS" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle077_0: oracle077 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "GR" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "RC" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle078_0: oracle078 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VP" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "FF" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle079_0: oracle079 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "DL" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "BP" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle080_0: oracle080 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "EG" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "PS" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle081_0: oracle081 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "RA" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "JV" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle082_0: oracle082 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "RA" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "NK" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle083_0: oracle083 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UZ" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "VR" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle084_0: oracle084 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JZ" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "UL" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle085_0: oracle085 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "EG" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "CD" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle086_0: oracle086 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BS" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "PY" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle087_0: oracle087 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LY" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "RL" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle088_0: oracle088 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LY" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "CI" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle089_0: oracle089 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TV" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "FG" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle090_0: oracle090 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JZ" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "UV" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle091_0: oracle091 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TV" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "MQ" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle092_0: oracle092 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "MD" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IE" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle093_0: oracle093 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BQ" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "OH" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle094_0: oracle094 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QR" | |
$b = "GHSUNAPF" | |
$c = "INFVDZDJ" | |
$d = "HJPDBILC" | |
$e = "RILJKOGM" | |
$f = "BHRZNAJQ" | |
$g = "ANBTPVYZ" | |
$h = "LU" | |
$i = "HCLZDIRU" | |
$j = "LRMCUJPH" | |
$k = "UJFEZMAH" | |
$l = "GCEBODML" | |
$m = "SMGUHJYW" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle095_0: oracle095 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PC" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "VX" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle096_0: oracle096 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ED" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "VT" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle097_0: oracle097 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FW" | |
$b = "BVSTFNZP" | |
$c = "TNFW" | |
$d = "ZPZLTOAE" | |
$e = "HEFBTJRC" | |
$f = "OAWYIQTB" | |
$g = "VMARCYPU" | |
$h = "FT" | |
$i = "NBJPVJIT" | |
$j = "FJPYMRTQ" | |
$k = "JAOKFYGP" | |
$l = "ZCVBPAIQ" | |
$m = "KRRNDHIL" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle098_0: oracle098 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TZ" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "JJ" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle099_0: oracle099 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BS" | |
$b = "KFAWDNJH" | |
$c = "NBDL" | |
$d = "GOZTEIKB" | |
$e = "VGCDNLBS" | |
$f = "MHRAJNTO" | |
$g = "BCKAFIGH" | |
$h = "AY" | |
$i = "AVHJYMIP" | |
$j = "BOMTJKUY" | |
$k = "JNQWPUHL" | |
$l = "TIGWHURE" | |
$m = "VYGPQBZF" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle100_0: oracle100 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TA" | |
$b = "ZEFKPAQM" | |
$c = "HVPZ" | |
$d = "IULKCHWE" | |
$e = "VJFHSZTA" | |
$f = "TNCFGIJR" | |
$g = "BRUIFEGC" | |
$h = "XU" | |
$i = "GNVYDFTU" | |
$j = "WTRQJVBD" | |
$k = "NFMLCBAP" | |
$l = "CYJRJFIG" | |
$m = "KSVDFEAQ" | |
condition: | |
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14)))) | |
} | |
rule TSG_oracle101_0: oracle101 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "OF" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "EP" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle102_0: oracle102 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VB" | |
$b = "UZRLPCVE" | |
$c = "UPMD" | |
$d = "KOBBJTAL" | |
$e = "KOQJTUVB" | |
$f = "VZDYCETP" | |
$g = "OHGJANBZ" | |
$h = "IE" | |
$i = "ISHDMBJE" | |
$j = "IMYBGZUJ" | |
$k = "LBFOSKCY" | |
$l = "EJNPLVHM" | |
$m = "SKTRRJGO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (7..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle103_0: oracle103 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "CG" | |
$b = "GHSUNAPF" | |
$c = "INFVDZDJ" | |
$d = "HJPDBILC" | |
$e = "RILJKOGM" | |
$f = "BHRZNAJQ" | |
$g = "ANBTPVYZ" | |
$h = "HH" | |
$i = "HCLZDIRU" | |
$j = "LRMCUJPH" | |
$k = "UJFEZMAH" | |
$l = "GCEBODML" | |
$m = "SMGUHJYW" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle104_0: oracle104 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FC" | |
$b = "FCDSDWQY" | |
$c = "OAUG" | |
$d = "FMWLHBBE" | |
$e = "JZSFUPYQ" | |
$f = "JZDRIKYM" | |
$g = "JWKIYQTU" | |
$h = "RT" | |
$i = "CJYLVUWT" | |
$j = "RMLHPBGQ" | |
$k = "FYJNABEG" | |
$l = "CTIFAJVZ" | |
$m = "PRERYAWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle105_0: oracle105 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "CG" | |
$b = "GHSUNAPF" | |
$c = "INFVDZDJ" | |
$d = "HJPDBILC" | |
$e = "RILJKOGM" | |
$f = "BHRZNAJQ" | |
$g = "ANBTPVYZ" | |
$h = "LU" | |
$i = "HCLZDIRU" | |
$j = "LRMCUJPH" | |
$k = "UJFEZMAH" | |
$l = "GCEBODML" | |
$m = "SMGUHJYW" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle106_0: oracle106 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FW" | |
$b = "BVSTFNZP" | |
$c = "TNFW" | |
$d = "ZPZLTOAE" | |
$e = "HEFBTJRC" | |
$f = "OAWYIQTB" | |
$g = "VMARCYPU" | |
$h = "ZP" | |
$i = "NBJPVJIT" | |
$j = "FJPYMRTQ" | |
$k = "JAOKFYGP" | |
$l = "ZCVBPAIQ" | |
$m = "KRRNDHIL" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle107_0: oracle107 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "MM" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "JV" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle108_0: oracle108 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "YQ" | |
$b = "FCDSDWQY" | |
$c = "OAUG" | |
$d = "FMWLHBBE" | |
$e = "JZSFUPYQ" | |
$f = "JZDRIKYM" | |
$g = "JWKIYQTU" | |
$h = "CQ" | |
$i = "CJYLVUWT" | |
$j = "RMLHPBGQ" | |
$k = "FYJNABEG" | |
$l = "CTIFAJVZ" | |
$m = "PRERYAWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle109_0: oracle109 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LY" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "UV" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle110_0: oracle110 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "EF" | |
$b = "DFTVAICE" | |
$c = "FQIELACS" | |
$d = "BQUHFMID" | |
$e = "MKNLGHQE" | |
$f = "OARHBFES" | |
$g = "JHIVNWOY" | |
$h = "LA" | |
$i = "WOJJPINA" | |
$j = "LGDMKZPQ" | |
$k = "MHLSTRDW" | |
$l = "QCRWIOGE" | |
$m = "SATMCVWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle111_0: oracle111 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "ZT" | |
$b = "ABQMUTSZ" | |
$c = "TRPQZNHK" | |
$d = "QBDWGIKF" | |
$e = "MFBELBIG" | |
$f = "KCVZSUGJ" | |
$g = "SKHQTVMB" | |
$h = "GS" | |
$i = "NLYZOIHS" | |
$j = "GTKIBSOR" | |
$k = "LQCJEASV" | |
$l = "DEJMZUTC" | |
$m = "KQVLUGJT" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle112_0: oracle112 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "VP" | |
$b = "EGLVUAMZ" | |
$c = "RSVP" | |
$d = "BRZNVDIK" | |
$e = "ZOUYLIHF" | |
$f = "FYMTWVEG" | |
$g = "QIDRMLOC" | |
$h = "SB" | |
$i = "FJMIWPAS" | |
$j = "PENBLOIF" | |
$k = "RJUISCBV" | |
$l = "TPNHZRJE" | |
$m = "RSRYCUZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (8..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle113_0: oracle113 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "TA" | |
$b = "ZEFKPAQM" | |
$c = "HVPZ" | |
$d = "IULKCHWE" | |
$e = "VJFHSZTA" | |
$f = "TNCFGIJR" | |
$g = "BRUIFEGC" | |
$h = "GD" | |
$i = "GNVYDFTU" | |
$j = "WTRQJVBD" | |
$k = "NFMLCBAP" | |
$l = "CYJRJFIG" | |
$m = "KSVDFEAQ" | |
condition: | |
filesize == 15 and ((($a in (0..14) and (($b in (0..14) and ($c in (5..14) or $d in (0..14))) or (($e in (0..14) and $f in (0..14)) or $g in (0..14)))) or ($h in (0..14)and ($i in (0..14) and $j in (0..14))or $k in (0..14) )or ($l in (0..14) and $m in (0..14)))) | |
} | |
rule TSG_oracle114_0: oracle114 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LS" | |
$b = "ZYFNHUSL" | |
$c = "SRIVTGOA" | |
$d = "ZADBCTSJ" | |
$e = "YUSRELIB" | |
$f = "EZPDCKBL" | |
$g = "TGYJVPSK" | |
$h = "UV" | |
$i = "RJNIULWV" | |
$j = "UFAMZOWL" | |
$k = "MSFUGTYB" | |
$l = "LSKZROTD" | |
$m = "YRPVFSZL" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle115_0: oracle115 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "JM" | |
$b = "ABQMUTSZ" | |
$c = "TRPQZNHK" | |
$d = "QBDWGIKF" | |
$e = "MFBELBIG" | |
$f = "KCVZSUGJ" | |
$g = "SKHQTVMB" | |
$h = "XZ" | |
$i = "NLYZOIHS" | |
$j = "GTKIBSOR" | |
$k = "LQCJEASV" | |
$l = "DEJMZUTC" | |
$m = "KQVLUGJT" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle116_0: oracle116 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UZ" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "NO" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle117_0: oracle117 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "LR" | |
$b = "LRGQHCMD" | |
$c = "LJBQ" | |
$d = "MDCWZYRT" | |
$e = "IMHPUVOF" | |
$f = "WYIVLUTP" | |
$g = "RDANPTKW" | |
$h = "PK" | |
$i = "UAVSKCJL" | |
$j = "GMSVYRBQ" | |
$k = "JETZWKMG" | |
$l = "SKADIZLR" | |
$m = "YCOHLJUB" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle118_0: oracle118 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UG" | |
$b = "FCDSDWQY" | |
$c = "OAUG" | |
$d = "FMWLHBBE" | |
$e = "JZSFUPYQ" | |
$f = "JZDRIKYM" | |
$g = "JWKIYQTU" | |
$h = "CT" | |
$i = "CJYLVUWT" | |
$j = "RMLHPBGQ" | |
$k = "FYJNABEG" | |
$l = "CTIFAJVZ" | |
$m = "PRERYAWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle119_0: oracle119 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "SM" | |
$b = "DFTVAICE" | |
$c = "FQIELACS" | |
$d = "BQUHFMID" | |
$e = "MKNLGHQE" | |
$f = "OARHBFES" | |
$g = "JHIVNWOY" | |
$h = "XN" | |
$i = "WOJJPINA" | |
$j = "LGDMKZPQ" | |
$k = "MHLSTRDW" | |
$l = "QCRWIOGE" | |
$m = "SATMCVWQ" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle120_0: oracle120 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "MM" | |
$b = "MOVLGPZE" | |
$c = "DYTUGPRM" | |
$d = "GUNAPIQM" | |
$e = "AMUFHSDK" | |
$f = "GYTKBZWR" | |
$g = "CNQMRLTU" | |
$h = "PT" | |
$i = "PQLCYSUV" | |
$j = "JZMIPFQT" | |
$k = "JOWNJZTR" | |
$l = "UCOLNREV" | |
$m = "DFTHRCUN" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle121_0: oracle121 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UZ" | |
$b = "ZJWKHCRP" | |
$c = "ILHAWDEJ" | |
$d = "SBWYKPAU" | |
$e = "ZLCBBQIR" | |
$f = "LBKRSADJ" | |
$g = "DVWHJLFK" | |
$h = "UM" | |
$i = "UCRFGPNO" | |
$j = "NVCOJPHM" | |
$k = "SQFTJKNE" | |
$l = "QHESMGLA" | |
$m = "DJRLBQPO" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle122_0: oracle122 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "QR" | |
$b = "GHSUNAPF" | |
$c = "INFVDZDJ" | |
$d = "HJPDBILC" | |
$e = "RILJKOGM" | |
$f = "BHRZNAJQ" | |
$g = "ANBTPVYZ" | |
$h = "OA" | |
$i = "HCLZDIRU" | |
$j = "LRMCUJPH" | |
$k = "UJFEZMAH" | |
$l = "GCEBODML" | |
$m = "SMGUHJYW" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle123_0: oracle123 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "DL" | |
$b = "DLRTEIJU" | |
$c = "MHTV" | |
$d = "NUMYRKQJ" | |
$e = "IKYOBPTZ" | |
$f = "BFCYRAVT" | |
$g = "EZBIRATU" | |
$h = "CP" | |
$i = "JOSQWAKG" | |
$j = "FJEYDNMJ" | |
$k = "PJUYBSAM" | |
$l = "YMKHUTZN" | |
$m = "IDRPGUMV" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (6..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle124_0: oracle124 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "GR" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "LB" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle125_0: oracle125 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "FA" | |
$b = "ABQMUTSZ" | |
$c = "TRPQZNHK" | |
$d = "QBDWGIKF" | |
$e = "MFBELBIG" | |
$f = "KCVZSUGJ" | |
$g = "SKHQTVMB" | |
$h = "NR" | |
$i = "NLYZOIHS" | |
$j = "GTKIBSOR" | |
$k = "LQCJEASV" | |
$l = "DEJMZUTC" | |
$m = "KQVLUGJT" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle126_0: oracle126 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "PE" | |
$b = "PCWQGOMT" | |
$c = "JOPE" | |
$d = "IUFBKTAN" | |
$e = "AKSYJFVE" | |
$f = "HQOVWKBF" | |
$g = "NQWDASYO" | |
$h = "YO" | |
$i = "JRMQETOL" | |
$j = "LPOUMEIW" | |
$k = "JVNEACIM" | |
$l = "FRUYJNTQ" | |
$m = "IRDMHJZW" | |
condition: | |
filesize == 17 and ((($a in (0..16) and (($b in (0..16) and ($c in (4..16) or $d in (0..16))) or (($e in (0..16) and $f in (0..16)) or $g in (0..16)))) or ($h in (0..16)and ($i in (0..16) and $j in (0..16))or $k in (0..16) )or ($l in (0..16) and $m in (0..16)))) | |
} | |
rule TSG_oracle127_0: oracle127 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "AL" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "NY" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle128_0: oracle128 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BV" | |
$b = "BVSTFNZP" | |
$c = "TNFW" | |
$d = "ZPZLTOAE" | |
$e = "HEFBTJRC" | |
$f = "OAWYIQTB" | |
$g = "VMARCYPU" | |
$h = "VO" | |
$i = "NBJPVJIT" | |
$j = "FJPYMRTQ" | |
$k = "JAOKFYGP" | |
$l = "ZCVBPAIQ" | |
$m = "KRRNDHIL" | |
condition: | |
filesize == 16 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle129_0: oracle129 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "UF" | |
$b = "FQPLUKGY" | |
$c = "GPQSRIBA" | |
$d = "HIMQDABU" | |
$e = "BFPZWUIQ" | |
$f = "FKIEHUOV" | |
$g = "KGMQPJAR" | |
$h = "IC" | |
$i = "IVTFAQDO" | |
$j = "REBVNWJC" | |
$k = "PGTQAJVB" | |
$l = "HDFIQWJJ" | |
$m = "KHVMRQLE" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (0..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
rule TSG_oracle130_0: oracle130 | |
{ | |
meta: | |
author = "192.168.***.***" | |
strings: | |
$a = "BK" | |
$b = "ALMZDHWD" | |
$c = "CNBVSTGR" | |
$d = "WDLOQAVU" | |
$e = "OSPVHMBK" | |
$f = "VFGQYZST" | |
$g = "EWNAMBYO" | |
$h = "RC" | |
$i = "RLNMSHQB" | |
$j = "LIKTZURC" | |
$k = "IARYTEZB" | |
$l = "IJBRPHQJ" | |
$m = "BIVROLQH" | |
condition: | |
filesize == 17 and ((($a in (0..15) and (($b in (0..15) and ($c in (4..15) or $d in (0..15))) or (($e in (0..15) and $f in (0..15)) or $g in (0..15)))) or ($h in (0..15)and ($i in (0..15) and $j in (0..15))or $k in (0..15) )or ($l in (0..15) and $m in (0..15)))) | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import yara | |
# attacks | |
data = [] | |
data.append({'oracle_name': 'oracle001', 'input': 'AAAAAAAAAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle002', 'input': 'ABCDEFGHIJKLMNOP'}) | |
data.append({'oracle_name': 'oracle003', 'input': 'AAPNFEVOVTAAIUMQ'}) | |
data.append({'oracle_name': 'oracle004', 'input': 'ABCDEFGHIJKLMNOP'}) | |
data.append({'oracle_name': 'oracle005', 'input': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle006', 'input': 'AAAAAAAAAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle007', 'input': 'AAAAAAAAAAAAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle008', 'input': 'ABCDIJKLAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle009', 'input': 'AAAAABMQPAAANXTD'}) | |
data.append({'oracle_name': 'oracle010', 'input': 'SBLYQPVLLGFUDCVT'}) | |
data.append({'oracle_name': 'oracle011', 'input': 'AARNZPVAAAULYYYX'}) | |
data.append({'oracle_name': 'oracle012', 'input': 'XWPTRURXRXGVJWDU'}) | |
data.append({'oracle_name': 'oracle013', 'input': 'UJGXGMQXQQOGMYRY'}) | |
data.append({'oracle_name': 'oracle014', 'input': 'VEPCWQGOMTJOPEAAA'}) | |
data.append({'oracle_name': 'oracle015', 'input': 'YQFCDSDWQYOAUGAA'}) | |
data.append({'oracle_name': 'oracle016', 'input': 'PEPCWQGOMTJOPEAAA'}) | |
data.append({'oracle_name': 'oracle017', 'input': 'ZEFKPAQMHVHVPZA'}) | |
data.append({'oracle_name': 'oracle018', 'input': 'TZDLRTEIJUMHTVAA'}) | |
data.append({'oracle_name': 'oracle019', 'input': 'AAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle020', 'input': 'AAA'}) | |
data.append({'oracle_name': 'oracle021', 'input': 'QXAJYIYIVQAAAAAA'}) | |
data.append({'oracle_name': 'oracle022', 'input': 'LJDKOWEASPAGQNKCA'}) | |
data.append({'oracle_name': 'oracle023', 'input': 'UQYBRUTAJHGHRFXD'}) | |
data.append({'oracle_name': 'oracle024', 'input': 'LJDKOWEASPAGQNKCA'}) | |
data.append({'oracle_name': 'oracle025', 'input': 'PNFEVOVLLHLXNRFF'}) | |
data.append({'oracle_name': 'oracle026', 'input': 'LJDKOWEASPAGQNKCA'}) | |
data.append({'oracle_name': 'oracle027', 'input': 'ELKYKNFOLTTIRHUX'}) | |
data.append({'oracle_name': 'oracle028', 'input': 'TIGWHUREVYGPQBZFA'}) | |
data.append({'oracle_name': 'oracle029', 'input': 'BCUAEWDQBIEDPVKSJ'}) | |
data.append({'oracle_name': 'oracle030', 'input': 'BCUAEWDQIEDPVKSJA'}) | |
data.append({'oracle_name': 'oracle031', 'input': 'SKADIZLRYCOHLJUB'}) | |
data.append({'oracle_name': 'oracle032', 'input': 'GFRJICTUKZHCWAAA'}) | |
data.append({'oracle_name': 'oracle033', 'input': 'QBDWGIKFABQMUTSZ'}) | |
data.append({'oracle_name': 'oracle034', 'input': 'JYMPPRSQJNUKBOPT'}) | |
data.append({'oracle_name': 'oracle035', 'input': 'GCEBODMLSMGUHJYW'}) | |
data.append({'oracle_name': 'oracle036', 'input': 'SKADIZLRYCOHLJUB'}) | |
data.append({'oracle_name': 'oracle037', 'input': 'BBBBAAAAAAAABBBB'}) | |
data.append({'oracle_name': 'oracle038', 'input': 'EJNPLVHMSKTRRJGO'}) | |
data.append({'oracle_name': 'oracle039', 'input': 'LJDKOWEASPAGQNKCA'}) | |
data.append({'oracle_name': 'oracle040', 'input': 'QHESMGLADJRLBQPO'}) | |
data.append({'oracle_name': 'oracle041', 'input': 'VMSERJPIUBYVKSZMA'}) | |
data.append({'oracle_name': 'oracle042', 'input': 'AAAAAAAAAAA'}) | |
data.append({'oracle_name': 'oracle043', 'input': 'QHESMGLADJRLBQPO'}) | |
data.append({'oracle_name': 'oracle044', 'input': 'AAAAAAA'}) | |
data.append({'oracle_name': 'oracle045', 'input': 'SKADIZLRYCOHLJUB'}) | |
data.append({'oracle_name': 'oracle046', 'input': 'HDFIQWJJKHVMRQLEA'}) | |
data.append({'oracle_name': 'oracle047', 'input': 'TIGWHUREVYGPQBZFA'}) | |
data.append({'oracle_name': 'oracle048', 'input': 'HDFIQWJJKHVMRQLEA'}) | |
data.append({'oracle_name': 'oracle049', 'input': 'FTGDOJGVOUTRBIAA'}) | |
data.append({'oracle_name': 'oracle050', 'input': 'EJNPLVHMSKTRRJGO'}) | |
data.append({'oracle_name': 'oracle051', 'input': 'DJRLBQPOQHESMGLA'}) | |
data.append({'oracle_name': 'oracle052', 'input': 'KRRNDHILZCVBPAIQ'}) | |
data.append({'oracle_name': 'oracle053', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle054', 'input': 'SATMCVWQQCRWIOGE'}) | |
data.append({'oracle_name': 'oracle055', 'input': 'IKYOBPTZBFCYRAVT'}) | |
data.append({'oracle_name': 'oracle056', 'input': 'BIVROLQHIJBRPHQJA'}) | |
data.append({'oracle_name': 'oracle057', 'input': 'UBYVKSZMVMSERJPIA'}) | |
data.append({'oracle_name': 'oracle058', 'input': 'BIVROLQHIJBRPHQJA'}) | |
data.append({'oracle_name': 'oracle059', 'input': 'SKTRRJGOEJNPLVHM'}) | |
data.append({'oracle_name': 'oracle060', 'input': 'UBYVKSZMVMSERJPIA'}) | |
data.append({'oracle_name': 'oracle061', 'input': 'UBYVKSZMVMSERJPIA'}) | |
data.append({'oracle_name': 'oracle062', 'input': 'KRRNDHILZCVBPAIQ'}) | |
data.append({'oracle_name': 'oracle063', 'input': 'IRDMHJZWFRUYJNTQA'}) | |
data.append({'oracle_name': 'oracle064', 'input': 'VYGPQBZFTIGWHUREA'}) | |
data.append({'oracle_name': 'oracle065', 'input': 'SKTRRJGOEJNPLVHM'}) | |
data.append({'oracle_name': 'oracle066', 'input': 'OARHBFESMKNLGHQE'}) | |
data.append({'oracle_name': 'oracle067', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle068', 'input': 'VYGPQBZFTIGWHUREA'}) | |
data.append({'oracle_name': 'oracle069', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle070', 'input': 'IDRPGUMVYMKHUTZN'}) | |
data.append({'oracle_name': 'oracle071', 'input': 'UBYVKSZMVMSERJPIA'}) | |
data.append({'oracle_name': 'oracle072', 'input': 'PRERYAWQCTIFAJVZ'}) | |
data.append({'oracle_name': 'oracle073', 'input': 'ZYFNHUSLSRIVTGOAA'}) | |
data.append({'oracle_name': 'oracle074', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle075', 'input': 'SKTRRJGOEJNPLVHM'}) | |
data.append({'oracle_name': 'oracle076', 'input': 'IRDMHJZWFRUYJNTQA'}) | |
data.append({'oracle_name': 'oracle077', 'input': 'BIVROLQHIJBRPHQJA'}) | |
data.append({'oracle_name': 'oracle078', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle079', 'input': 'VYGPQBZFTIGWHUREA'}) | |
data.append({'oracle_name': 'oracle080', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle081', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle082', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle083', 'input': 'DJRLBQPOQHESMGLA'}) | |
data.append({'oracle_name': 'oracle084', 'input': 'YRPVFSZLLSKZROTDA'}) | |
data.append({'oracle_name': 'oracle085', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle086', 'input': 'VYGPQBZFTIGWHUREA'}) | |
data.append({'oracle_name': 'oracle087', 'input': 'YRPVFSZLLSKZROTDA'}) | |
data.append({'oracle_name': 'oracle088', 'input': 'YRPVFSZLLSKZROTDA'}) | |
data.append({'oracle_name': 'oracle089', 'input': 'IDRPGUMVYMKHUTZN'}) | |
data.append({'oracle_name': 'oracle090', 'input': 'YRPVFSZLLSKZROTDA'}) | |
data.append({'oracle_name': 'oracle091', 'input': 'IDRPGUMVYMKHUTZN'}) | |
data.append({'oracle_name': 'oracle092', 'input': 'SKTRRJGOEJNPLVHM'}) | |
data.append({'oracle_name': 'oracle093', 'input': 'LRGQHCMDLJBQAAAA'}) | |
data.append({'oracle_name': 'oracle094', 'input': 'SMGUHJYWGCEBODML'}) | |
data.append({'oracle_name': 'oracle095', 'input': 'IRDMHJZWFRUYJNTQA'}) | |
data.append({'oracle_name': 'oracle096', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle097', 'input': 'KRRNDHILZCVBPAIQ'}) | |
data.append({'oracle_name': 'oracle098', 'input': 'IKYOBPTZBFCYRAVT'}) | |
data.append({'oracle_name': 'oracle100', 'input': 'ZEFKPAQMHVPZTAA'}) | |
data.append({'oracle_name': 'oracle099', 'input': 'VYGPQBZFTIGWHUREA'}) | |
data.append({'oracle_name': 'oracle101', 'input': 'YCOHLJUBSKADIZLR'}) | |
data.append({'oracle_name': 'oracle102', 'input': 'SKTRRJGOEJNPLVHM'}) | |
data.append({'oracle_name': 'oracle103', 'input': 'SMGUHJYWGCEBODML'}) | |
data.append({'oracle_name': 'oracle104', 'input': 'PRERYAWQCTIFAJVZ'}) | |
data.append({'oracle_name': 'oracle105', 'input': 'SMGUHJYWGCEBODML'}) | |
data.append({'oracle_name': 'oracle106', 'input': 'KRRNDHILZCVBPAIQ'}) | |
data.append({'oracle_name': 'oracle107', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle108', 'input': 'PRERYAWQCTIFAJVZ'}) | |
data.append({'oracle_name': 'oracle109', 'input': 'YRPVFSZLLSKZROTDA'}) | |
data.append({'oracle_name': 'oracle110', 'input': 'SATMCVWQQCRWIOGE'}) | |
data.append({'oracle_name': 'oracle111', 'input': 'KQVLUGJTDEJMZUTC'}) | |
data.append({'oracle_name': 'oracle112', 'input': 'RSRYCUZLTPNHZRJEA'}) | |
data.append({'oracle_name': 'oracle113', 'input': 'ZEFKPAQMHVPZTAA'}) | |
data.append({'oracle_name': 'oracle114', 'input': 'ZYFNHUSLSRIVTGOAA'}) | |
data.append({'oracle_name': 'oracle115', 'input': 'KCVZSUGJMFBELBIG'}) | |
data.append({'oracle_name': 'oracle116', 'input': 'DJRLBQPOQHESMGLA'}) | |
data.append({'oracle_name': 'oracle117', 'input': 'LRGQHCMDLJBQAAAA'}) | |
data.append({'oracle_name': 'oracle118', 'input': 'FCDSDWQYOAUGAAAA'}) | |
data.append({'oracle_name': 'oracle119', 'input': 'SATMCVWQQCRWIOGE'}) | |
data.append({'oracle_name': 'oracle120', 'input': 'DFTHRCUNUCOLNREV'}) | |
data.append({'oracle_name': 'oracle121', 'input': 'DJRLBQPOQHESMGLA'}) | |
data.append({'oracle_name': 'oracle122', 'input': 'SMGUHJYWGCEBODML'}) | |
data.append({'oracle_name': 'oracle123', 'input': 'IDRPGUMVYMKHUTZN'}) | |
data.append({'oracle_name': 'oracle124', 'input': 'BIVROLQHIJBRPHQJA'}) | |
data.append({'oracle_name': 'oracle125', 'input': 'KQVLUGJTDEJMZUTC'}) | |
data.append({'oracle_name': 'oracle126', 'input': 'IRDMHJZWFRUYJNTQA'}) | |
data.append({'oracle_name': 'oracle127', 'input': 'BIVROLQHIJBRPHQJA'}) | |
data.append({'oracle_name': 'oracle128', 'input': 'KRRNDHILZCVBPAIQ'}) | |
data.append({'oracle_name': 'oracle129', 'input': 'KHVMRQLEHDFIQWJJA'}) | |
data.append({'oracle_name': 'oracle130', 'input': 'BIVROLQHIJBRPHQJA'}) | |
rules = yara.compile('./defense') | |
for e in data: | |
maches = rules.match(data=e['input']) | |
if not e['oracle_name'] in str(maches): | |
print(e['oracle_name']) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment