|
10 | 10 | "kind": "elf",
|
11 | 11 | "pattern": "YWdlbnRTbWl0aFRlc3RUYXJnZXQ=",
|
12 | 12 | "regexp": false
|
13 |
| - }, |
14 |
| - { |
15 |
| - "name": "mining_pool_config", |
16 |
| - "domain": "filesystem", |
17 |
| - "pattern": "c3RyYXR1bSt0Y3A6Ly8=", |
18 |
| - "regexp": false, |
19 |
| - "filenames": ["*.conf", "mining.conf", "config.json"] |
20 |
| - }, |
21 |
| - { |
22 |
| - "name": "crypto_wallet_file", |
23 |
| - "domain": "filesystem", |
24 |
| - "pattern": "d2FsbGV0", |
25 |
| - "regexp": false, |
26 |
| - "filenames": ["wallet.dat", "*.wallet"] |
27 |
| - }, |
28 |
| - { |
29 |
| - "name": "reverse_shell_script", |
30 |
| - "domain": "filesystem", |
31 |
| - "pattern": "bmMgLWUgL2Jpbi9zaA==", |
32 |
| - "regexp": false, |
33 |
| - "filenames": ["*.sh", "*.py", "shell.*"] |
34 |
| - } |
35 |
| - ] |
36 |
| - }, |
37 |
| - "audit": { |
38 |
| - "signatures": [ |
39 |
| - { |
40 |
| - "name": "suspicious_env_file", |
41 |
| - "domain": "filesystem", |
42 |
| - "pattern": "QVBJX0tFWT0=", |
43 |
| - "regexp": false, |
44 |
| - "filenames": [".env", "*.env", ".environment"] |
45 |
| - }, |
46 |
| - { |
47 |
| - "name": "ssh_private_key", |
48 |
| - "domain": "filesystem", |
49 |
| - "pattern": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t", |
50 |
| - "regexp": false, |
51 |
| - "filenames": ["id_rsa", "id_dsa", "id_ecdsa", "*.pem"] |
52 | 13 | }
|
53 | 14 | ]
|
54 | 15 | }
|
|