// Linux.Exploit.Enoket (rule 1 of 6 in this file): matches on one fixed
// 20-byte ASCII fragment. The hex string below decodes to
// "found at 0x%04x in t" — it looks like a printf-style status message cut
// off mid-word, but the surrounding text is not on hand here to confirm.
rule Linux_Exploit_Enoket_79b52a4c {
meta:
author = "Elastic Security"
id = "79b52a4c-80cd-4fe1-aa6c-463e2cdd64ac"
fingerprint = "84be6877d6b1eb091de9817a5cf0ecba5e0e82089a6dd1dc0af2e91b01fe4003"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
// Same reference sample as Linux_Exploit_Enoket_c77c0d6d further down.
reference_sample = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Raw bytes of "found at 0x%04x in t". No `nocase`/`wide` modifiers, so
// this is an exact, case-sensitive ASCII match.
$a = { 66 6F 75 6E 64 20 61 74 20 30 78 25 30 34 78 20 69 6E 20 74 }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}
// Linux.Exploit.Enoket (rule 2 of 6): keys on a fixed 22-byte machine-code
// pattern rather than text. The bytes appear to be 32-bit x86 with
// ebp-relative locals (`cmp dword [ebp-4],-1` / `jne` / `mov eax,-1` /
// `jmp` / `mov eax,[ebp-4]` / `add [ebp-0x10],eax` / `cmp dword [ebp+..]`);
// the leading FC looks like the tail of a preceding instruction. This is a
// decode of the bytes only — verify against the reference sample.
rule Linux_Exploit_Enoket_5969a348 {
meta:
author = "Elastic Security"
id = "5969a348-6573-4cb3-b81e-db455ff7b484"
fingerprint = "7e9b9ba6146754857632451be2f98a5008268091ae1cfab1a87322b6fe30097c"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
reference_sample = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Opcode bytes; a recompiled build of the same source would likely not
// reproduce this exact sequence, so expect this rule to be build-specific.
$a = { FC 83 7D FC FF 75 07 B8 FF FF FF FF EB 0F 8B 45 FC 01 45 F0 83 7D }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}
// Linux.Exploit.Enoket (rule 3 of 6): matches on one fixed 20-byte ASCII
// fragment. The hex string below decodes to "BLE TO MAP ZERO PAGE", which
// reads like the tail of an upper-case error message (presumably
// "...UNABLE TO MAP ZERO PAGE"); the leading part is not on hand here.
rule Linux_Exploit_Enoket_80fac3e9 {
meta:
author = "Elastic Security"
id = "80fac3e9-bf77-46d1-8d9b-25f3cf06a3b7"
fingerprint = "627418bfe84af36e9b34d42aa42cb6d793e6bc41aa555a77e4f9389a9407d6f2"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
reference_sample = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Raw bytes of "BLE TO MAP ZERO PAGE". No `nocase`/`wide` modifiers, so
// only this exact upper-case ASCII spelling matches.
$a = { 42 4C 45 20 54 4F 20 4D 41 50 20 5A 45 52 4F 20 50 41 47 45 }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}
// Linux.Exploit.Enoket (rule 4 of 6): keys on a fixed 20-byte machine-code
// pattern. The bytes appear to be 32-bit x86 (`jne` / `cmp byte
// [ebp-0x6c],0` / `je` / `movzx ecx, byte [edi]` / `mov eax,1` /
// `cmp cl,[ebp-0x6c]`), i.e. a byte-compare against a local flag; the
// leading FF looks like the tail of a preceding instruction. Decode of the
// bytes only — verify against the reference sample.
rule Linux_Exploit_Enoket_7da5f86a {
meta:
author = "Elastic Security"
id = "7da5f86a-c177-47c9-a82e-50648c84174a"
fingerprint = "cf9a703969e3f9a3cd20119fc0a24fa2d16bec5ea7e3b1a8df763872625c90fc"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
reference_sample = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Opcode bytes; a recompiled build of the same source would likely not
// reproduce this exact sequence, so expect this rule to be build-specific.
$a = { FF 75 F2 80 7D 94 00 74 23 0F B6 0F B8 01 00 00 00 3A 4D 94 }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}
// Linux.Exploit.Enoket (rule 5 of 6): matches on one fixed 20-byte ASCII
// fragment. The hex string below decodes to "nd the world, one ha" — a
// slice of ordinary English prose (the full sentence is not on hand here).
// Because it is plain low-entropy text rather than code or a distinctive
// format string, it may also occur in unrelated files; triage hits on this
// rule together with the other Enoket rules rather than in isolation.
rule Linux_Exploit_Enoket_c77c0d6d {
meta:
author = "Elastic Security"
id = "c77c0d6d-7f5c-4618-b6f6-3c1ddc70783c"
fingerprint = "739e23abbd2971d6ff24c94a87d7aab082aec85f9cd7eb3a168b35fa22f32eb9"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
// Same reference sample as Linux_Exploit_Enoket_79b52a4c above.
reference_sample = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Raw bytes of "nd the world, one ha". No `nocase`/`wide` modifiers, so
// this is an exact, case-sensitive ASCII match.
$a = { 6E 64 20 74 68 65 20 77 6F 72 6C 64 2C 20 6F 6E 65 20 68 61 }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}
// Linux.Exploit.Enoket (rule 6 of 6): keys on a fixed 21-byte machine-code
// pattern. The 0x48 REX.W prefixes suggest this is 64-bit x86 code
// (`jbe` / `mov rax,[rbp-0x18]` / `sub rax,1` / `movzx eax, byte [rax]` /
// `cmp al,0x5F` ('_') / `je` back / `mov r..`), i.e. a backwards scan for
// an underscore; the leading 45 E8 looks like the tail of a preceding
// instruction. Note that arch_context below says "x86" for every rule in
// the file, so it does not distinguish this from the 32-bit patterns —
// decode of the bytes only, verify against the reference sample.
rule Linux_Exploit_Enoket_fbf508e1 {
meta:
author = "Elastic Security"
id = "fbf508e1-2a44-417e-a2e4-8d43c2b64017"
fingerprint = "4909d3a04b820547fbff774c64c112b8a6a5e95452992639296a220776826d98"
creation_date = "2021-01-12"
last_modified = "2021-09-16"
threat_name = "Linux.Exploit.Enoket"
reference_sample = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
severity = 100
arch_context = "x86"
// Intended for both on-disk files and process memory.
scan_context = "file, memory"
license = "Elastic License v2"
os = "linux"
strings:
// Opcode bytes; a recompiled build of the same source would likely not
// reproduce this exact sequence, so expect this rule to be build-specific.
$a = { 45 E8 76 0F 48 8B 45 E8 48 83 E8 01 0F B6 00 3C 5F 74 DF 48 8B }
condition:
// Only one string is declared, so `all of them` is equivalent to `$a`.
all of them
}