// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a looks like the tail of an argc check (`... 01 7E 24` = cmp dword [rbp-0x64],1 ; jle)
// followed by `mov rax,[rbp-0x70] ; mov rax,[rax+8] ; mov [rbp-8],rax ; mov rax,[rbp-8]`,
// i.e. an unoptimised load of argv[1] into a stack slot.
// NOTE(review): this is generic -O0 gcc output for any program that reads argv[1];
// in memory scans expect matches on unrelated binaries - corroborate before acting on severity 100.
rule Linux_Exploit_CVE_2016_5195_364f3b7b {
    meta:
        author = "Elastic Security"
        id = "364f3b7b-4361-44ca-bf49-e26c123ae4bd"
        fingerprint = "ec6cf1d090cd57434c4d3c1c3511fd4b683ff109bfd0ce859552d58cbb83984a"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // argc compare / jle, then argv[1] dereference via rbp-0x70 and rbp-0x08
        $a = { 9C 01 7E 24 48 8B 45 90 48 8B 40 08 48 89 45 F8 48 8B 45 F8 48 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is a function prologue (push rbp ; mov rbp,rsp ; sub rsp,0x30) that spills its
// pointer argument (`mov [rbp-0x28],rdi`), reloads it into rbp-0x10, then starts
// `mov esi, 0x2...`. Presumably the /proc/self/mem thread calling open(..., O_RDWR=2)
// from the public PoC - TODO confirm against the reference sample.
// NOTE(review): prologue + argument spill is generic compiler output; the `BE 02 00`
// tail is what carries the specificity here.
rule Linux_Exploit_CVE_2016_5195_3a2ed31b {
    meta:
        author = "Elastic Security"
        id = "3a2ed31b-a8be-4aff-af5e-e1ff2676f3f9"
        fingerprint = "0e8e0f58deadf4838464c2f2bc860013e6d47c3d770d0ef743b5dd9021832cae"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // prologue, spill rdi to rbp-0x28, copy to rbp-0x10, mov esi, imm32 (0x..0002)
        $a = { 55 48 89 E5 48 83 EC 30 48 89 7D D8 48 8B 45 D8 48 89 45 F0 BE 02 00 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// Same argc-check / argv[1]-load fragment as Linux_Exploit_CVE_2016_5195_364f3b7b,
// differing only in the stack slot the pointer is stored to (rbp-0x40 instead of rbp-0x08),
// i.e. a build with a different local-variable layout.
// NOTE(review): generic -O0 gcc output for any program reading argv[1]; expect false
// positives in memory scans and corroborate before acting on severity 100.
rule Linux_Exploit_CVE_2016_5195_7448814c {
    meta:
        author = "Elastic Security"
        id = "7448814c-1685-45a9-9a00-039b30485545"
        fingerprint = "25ffa8f3b2356deebc88d8831bc8664edd6543a7d722d6ddd72e89fad18c66e7"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // argc compare / jle, then argv[1] dereference via rbp-0x70 and rbp-0x40
        $a = { 9C 01 7E 24 48 8B 45 90 48 8B 40 08 48 89 45 C0 48 8B 45 C0 48 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is a prologue (sub rsp,0x20) of a function taking two 32-bit arguments
// (`mov [rbp-0x14],edi ; mov [rbp-0x18],esi`), which then reloads the second and
// scales it by 32 (`shl rax,5`). Which helper in the exploit this is cannot be told
// from the bytes alone - assumed to be index * sizeof(struct) arithmetic, TODO confirm.
// NOTE(review): short, prologue-led pattern; treat a lone hit as a lead, not proof.
rule Linux_Exploit_CVE_2016_5195_2fa988e3 {
    meta:
        author = "Elastic Security"
        id = "2fa988e3-dfaf-44c8-bfaa-889778858e22"
        fingerprint = "a841f4b929c79eadfa8deeb3a6f410056aec94dd1e0d9c8e5dc31675de936403"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // prologue, spill edi/esi, reload esi, shl rax,5
        $a = { 55 48 89 E5 48 83 EC 20 89 7D EC 89 75 E8 8B 45 E8 48 C1 E0 05 48 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is a main()-shaped prologue: spill edi (argc) to rbp-0x24 and rsi (argv) to rbp-0x30,
// `cmp dword [rbp-0x24],2 ; jg +0x0a ; mov eax,1` - consistent with the public PoC's
// `if (argc < 3) return 1;` (file path + payload arguments). TODO confirm against sample.
// NOTE(review): any -O0 program that requires two arguments and returns 1 otherwise
// compiles to this; corroborate hits in memory scans.
rule Linux_Exploit_CVE_2016_5195_ea8801ac {
    meta:
        author = "Elastic Security"
        id = "ea8801ac-ee95-4294-9cfa-99c773a04183"
        fingerprint = "aa191347bdf2e9fdcf6f9591c370b85208a1c46a329bc648268447dbb5ea898f"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // prologue, spill argc/argv, cmp argc,2 ; jg ; mov eax,1
        $a = { 55 48 89 E5 48 83 EC 30 89 7D DC 48 89 75 D0 83 7D DC 02 7F 0A B8 01 00 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// Same thread-function fragment as Linux_Exploit_CVE_2016_5195_3a2ed31b (prologue, spill
// rdi, reload, `mov esi, 0x2...`), with the copy landing in rbp-0x08 instead of rbp-0x10.
// Presumably open(..., O_RDWR) on /proc/self/mem - TODO confirm against the sample.
// NOTE(review): prologue + spill is generic; only the `BE 02 00` tail is distinctive.
rule Linux_Exploit_CVE_2016_5195_b2ebdebd {
    meta:
        author = "Elastic Security"
        id = "b2ebdebd-0110-46b4-a97f-27c4c495b23d"
        fingerprint = "2a98a2d1be205145eb2d30a57aaa547b30281b31981f0872ba3f7e1d684a0cc2"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // prologue, spill rdi to rbp-0x28, copy to rbp-0x08, mov esi, imm32 (0x..0002)
        $a = { 55 48 89 E5 48 83 EC 30 48 89 7D D8 48 8B 45 D8 48 89 45 F8 BE 02 00 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a appears to be argument marshalling for a call with more than six parameters:
// tail of `mov r9,[rbp+0x18]`, then `mov rdx,[rbp+0x10] ; mov rsi,[rbp-0x10] ;
// mov rax,[rbp-0x08] ; sub rsp,8 ; push r9`. Which call this feeds cannot be told
// from the fragment - TODO confirm against the reference sample.
// NOTE(review): no immediate or constant in this pattern; it relies entirely on the
// exact stack layout, so it is tightly bound to one compiler/source variant.
rule Linux_Exploit_CVE_2016_5195_9190d516 {
    meta:
        author = "Elastic Security"
        id = "9190d516-dea0-4d74-9f2c-bd2337538258"
        fingerprint = "977bafd175a994edaef5f3fa19d19fe161cebb2447ee32fd5d4b0a3b93fb51fa"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // load rdx/rsi/rax from stack slots, sub rsp,8, push r9
        $a = { 4D 18 48 8B 55 10 48 8B 75 F0 48 8B 45 F8 48 83 EC 08 41 51 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// Third stack-layout variant of the thread-function fragment (see
// Linux_Exploit_CVE_2016_5195_3a2ed31b / _b2ebdebd): prologue, spill rdi to rbp-0x28,
// reload and copy to rbp-0x18, then `mov esi, 0x2...`. Presumably open(..., O_RDWR) -
// TODO confirm against the reference sample.
// NOTE(review): prologue + spill is generic; only the `BE 02 00` tail is distinctive.
rule Linux_Exploit_CVE_2016_5195_3b460716 {
    meta:
        author = "Elastic Security"
        id = "3b460716-812e-4884-ab66-e01f2e61996d"
        fingerprint = "900e22d1a157677698a47d49d2deeb52c938e3a790aba689b920ba1bbd7ed39d"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // prologue, spill rdi to rbp-0x28, copy to rbp-0x18, mov esi, imm32 (0x..0002)
        $a = { 55 48 89 E5 48 83 EC 30 48 89 7D D8 48 8B 45 D8 48 89 45 E8 BE 02 00 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is the loop control of the race: `add dword [rbp-4],1 ; cmp dword [rbp-4],0x05F5E0FF ;
// jg +0x0a ; mov eax,[rip+...]`. 0x05F5E0FF = 99,999,999, i.e. a 100,000,000-iteration
// counter, the exact bound used by the public dirtyc0w PoC's madvise / procselfmem threads;
// the trailing `mov eax,[rip+disp]` reads a global at the top of the loop body.
// The immediate makes this far more specific than the prologue-based rules in this file.
rule Linux_Exploit_CVE_2016_5195_ccfd7518 {
    meta:
        author = "Elastic Security"
        id = "ccfd7518-af6c-4378-bd9c-7267a7f0dab4"
        fingerprint = "4797064d6416f2799691ae7df956d0383dfe6094de29fb03fc8233ad89149942"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 99999999 ; jg exit ; mov eax, [rip+...]
        $a = { 83 45 FC 01 81 7D FC FF E0 F5 05 7F 0A 8B 05 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is the bottom of a race loop whose counter lives in rbp-0x10:
// `add dword [rbp-0x10],1 ; cmp dword [rbp-0x10],0x0BEBC1FF ; jle -0x2d ; leave ; ret`.
// 0x0BEBC1FF = 199,999,999, i.e. a 200,000,000-iteration loop that is the last thing
// in its function (leave/ret immediately follows). This bound is used by some
// derivative PoCs rather than the original dirtyc0w.c - TODO confirm which.
rule Linux_Exploit_CVE_2016_5195_d41c2c63 {
    meta:
        author = "Elastic Security"
        id = "d41c2c63-1af7-47c9-88a0-16454c9583db"
        fingerprint = "77fb7e9911d1037bba0a718d8983a42ad1877c13d865ce415351d599064ea7ea"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 199999999 ; jle loop ; leave ; ret
        $a = { F4 83 45 F0 01 81 7D F0 FF C1 EB 0B 7E D3 C9 C3 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is a 200,000,000-iteration loop bottom with the counter in rbp-0x04:
// `add dword [rbp-4],1 ; cmp dword [rbp-4],0x0BEBC1FF ; jle -0x29`.
// NOTE(review): Linux_Exploit_CVE_2016_5195_fb24c7e4 covers the same bytes with the
// jump displacement wildcarded and cites the same reference sample, so every hit here
// should also hit that rule; this one only adds the fixed `D7` displacement.
rule Linux_Exploit_CVE_2016_5195_ffa7f059 {
    meta:
        author = "Elastic Security"
        id = "ffa7f059-b825-4dd6-b10d-e57549a2704f"
        fingerprint = "c451689042d9290d1bb5b931e002237584217bbddfc0d96c2486a61cb5c37d31"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 199999999 ; jle -0x29
        $a = { F8 83 45 FC 01 81 7D FC FF C1 EB 0B 7E D7 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is the same 200,000,000-iteration loop bottom as Linux_Exploit_CVE_2016_5195_ffa7f059
// (counter in rbp-0x04, cmp against 0x0BEBC1FF), but with the `jle` displacement
// wildcarded and anchored instead on the `mov eax,[rbp+..]` that follows the loop.
// This tolerates builds whose loop body differs in length, so it is the broader of the pair.
rule Linux_Exploit_CVE_2016_5195_fb24c7e4 {
    meta:
        author = "Elastic Security"
        id = "fb24c7e4-db4f-405e-8e88-bc313b9a0358"
        fingerprint = "0a5f15ddb425a6e00f6c3964b4dbdc91a856fd06b6e45dfd4fded8ed97f21ae8"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 199999999 ; jle <any> ; mov eax, [rbp+..]
        $a = { F8 83 45 FC 01 81 7D FC FF C1 EB 0B 7E ?? 8B 45 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is a 200,000,000-iteration loop bottom with the counter in rbp-0x08:
// `add dword [rbp-8],1 ; cmp dword [rbp-8],0x0BEBC1FF ; jle -0x29`.
// NOTE(review): Linux_Exploit_CVE_2016_5195_9c67a994 is the wildcarded-displacement form
// of this same fragment; a hit here implies a hit there.
rule Linux_Exploit_CVE_2016_5195_b45098df {
    meta:
        author = "Elastic Security"
        id = "b45098df-7f26-44a9-8078-f1c05d15cc38"
        fingerprint = "ed32e66f2c18b16a6f00d6a696a32cdb1b0b18413b4c1af059097f5d301ee084"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 199999999 ; jle -0x29
        $a = { FC 83 45 F8 01 81 7D F8 FF C1 EB 0B 7E D7 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, x86-64 build.
// $a is the same 200,000,000-iteration loop bottom as Linux_Exploit_CVE_2016_5195_b45098df
// (counter in rbp-0x08, cmp against 0x0BEBC1FF) with the `jle` displacement wildcarded
// and a `mov` (0x8B) opcode required right after the loop. Broader of the pair.
rule Linux_Exploit_CVE_2016_5195_9c67a994 {
    meta:
        author = "Elastic Security"
        id = "9c67a994-dabf-4cb7-95d7-4cc47402be28"
        fingerprint = "fc6690eef99dd9f84f62444d7a7e1b52dc7f46e831a5ab3e87d4282bba979fde"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // i++ ; cmp i, 199999999 ; jle <any> ; mov ...
        $a = { FC 83 45 F8 01 81 7D F8 FF C1 EB 0B 7E ?? 8B }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, 32-bit i386 build.
// $a: `mov [ebp-0x11],al ; cmp byte [ebp-0x11],0xFF ; jne -0x2a ; mov eax,0x0804xxxx`.
// A byte result is stored and the loop repeats until it equals 0xFF (-1); the
// `B8 ?? ?? 04 08` tail loads an absolute 0x0804xxxx address, which only occurs in
// non-PIE i386 ELF images - so this covers the 32-bit variant the x86-64 rules miss.
// What the polled byte is cannot be told from the fragment - TODO confirm against sample.
rule Linux_Exploit_CVE_2016_5195_ab87c1ed {
    meta:
        author = "Elastic Security"
        id = "ab87c1ed-f538-4785-b7ae-5333a7ff2808"
        fingerprint = "3bf2be85120ef3711dd3508bf8fcd573a70c7ad4a5066be1b60d777a53cd37b6"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // store al to ebp-0x11, cmp with 0xFF, jne loop, mov eax, 0x0804xxxx
        $a = { FF FF 88 45 EF 80 7D EF FF 75 D6 B8 ?? ?? 04 08 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}
// Dirty COW (CVE-2016-5195) user-space exploit, 32-bit i386 build.
// Same poll-until-0xFF loop as Linux_Exploit_CVE_2016_5195_ab87c1ed with the byte kept
// at ebp-0x09 instead of ebp-0x11: `mov [ebp-9],al ; cmp byte [ebp-9],0xFF ; jne -0x2a ;
// mov eax,0x0804xxxx`. The 0x0804xxxx immediate implies a non-PIE i386 ELF.
// What the polled byte is cannot be told from the fragment - TODO confirm against sample.
rule Linux_Exploit_CVE_2016_5195_f1c0482a {
    meta:
        author = "Elastic Security"
        id = "f1c0482a-fe88-4777-8d49-aa782bf25a98"
        fingerprint = "96d1ed843aeb59dd43dd76f4edd9e9928dd29f86df87b70d875473b9d908e75c"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2016-5195"
        reference_sample = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        // store al to ebp-0x09, cmp with 0xFF, jne loop, mov eax, 0x0804xxxx
        $a = { FF FF 88 45 F7 80 7D F7 FF 75 D6 B8 ?? ?? 04 08 }
    condition:
        // single-string rule: `$a` is equivalent to `all of them`
        $a
}