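// Flags ELF files that contain the short code sequence Cyclops Blink uses to
// initialise its built-in modules (per the rule's own description).
rule CyclopsBlink_module_initialisation
{
    meta:
        author = "NCSC"
        // Kept on a single line: a YARA text string may not contain a raw
        // line break, so the wrapped form of this value fails to compile.
        description = "Detects the code bytes used to initialise the modules built into Cyclops Blink"
        // 40 hex digits each (SHA-1 length); presumably the reference samples
        // the rule was written against. Confirm against the source advisory.
        hash1 = "3adf9a59743bc5d8399f67cab5eb2daf28b9b863"
        hash2 = "c59bc17659daca1b1ce65b6af077f86a648ad8a8"

    strings:
        // Module initialisation code bytes, simply returning the module ID
        // to the caller.
        // The single ?? wildcard presumably stands for the per-module ID byte,
        // so one pattern covers every module's initialiser.
        // NOTE(review): the bytes below are copied exactly as shown on this
        // page. Compare them byte-for-byte with the publisher's original
        // before deploying; one mistranscribed byte makes the rule miss
        // silently rather than fail loudly.
        $ = {94 21 FF F0 93 E1 00 08 7C 3F 0B 78 38 00 00 ?? 7C 03
             03 78 81 61 00 00 8E EB FF F8 7D 61 5B 78 4E 80 00 20}

    condition:
        // uint32() reads little-endian, so 0x464c457f is the bytes
        // 7F 45 4C 46 ("\x7fELF") at offset 0. The rule therefore matches
        // only standalone ELF files; the same code inside a firmware image,
        // archive or memory dump that does not start with the ELF header is
        // not flagged and has to be unpacked or carved first.
        (uint32(0) == 0x464c457f) and (any of them)
}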