100 Days of YARA – Day 40: masscan

On By DanielIn 100 days of Yara

masscan is a very fast port scanner. Although this tool is not inherently malicious, it has been abused on hacked systems to port scan additional systems to attack and to enumerate internal networks.

Finding this software unexpectedly warrants an investigation.

rule masscan
{
	meta:
		description = "https://github.com/robertdavidgraham/masscan"

	strings:
		$a = " masscan -"
		$b = "https://github.com/robertdavidgraham/masscan"

	condition:
		any of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 40: masscan

  1. Pingback: Week 05 – 2022 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s