mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-23 22:32:04 +00:00
recently downloaded go-crypt: Fix YARA error
parent
46defeab6f
commit
fa4e0d0510
@ -37,10 +37,11 @@ WHERE
|
||||
$s_aes = "crypto/aes.newCipher"
|
||||
$s_run = "os/exec.(*Cmd).Run" ascii
|
||||
$s_exec = "os/exec.Command" ascii
|
||||
$not_analysis = "Dynamic Section"
|
||||
$dynamic = "Dynamic Section"
|
||||
condition:
|
||||
3 of ($s*) and none of ($not*)
|
||||
}'
|
||||
3 of ($s*) and not $dynamic
|
||||
}
|
||||
'
|
||||
AND yara.count > 0
|
||||
AND file.path NOT LIKE '/Users/%/Downloads/chainctl%'
|
||||
AND file.filename NOT IN ('grype', 'chainctl', 'elastic-agent')
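Review bot: The rename from `$not_analysis` to `$dynamic` drops the only hint of why a file containing "Dynamic Section" is excluded, and the new condition `3 of ($s*) and not $dynamic` does not explain it either. A comment above the string would keep the intent, for example `// skip binary-analysis tools that embed this string; false-positive filter only` (the purpose is inferred from the old name, so confirm before wording it). Because the exclusion is a single plain string, the comment should say it reduces noise and is not evidence that a file is benign. `$s_aes` and `$dynamic` also omit the `ascii` modifier that `$s_run` and `$s_exec` carry; adding it would make the strings consistent without changing matching. The rule and the query both begin above this hunk, so the full `$s*` set cannot be checked from here.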
|
||||
|