100 Days of YARA – Day 52: Golang ssh package

On February 9, 2022December 31, 2021 By DanielIn 100 days of Yara

I was looking at some ABCbot samples and noticed that some of them included the golang ssh package. I thought this would be useful to know when looking at new samples.

rule golang_ssh
{
	meta:
		description = "Golang binary including golang.org/x/crypto/ssh"
		reference = "https://pkg.go.dev/golang.org/x/crypto/ssh"

	strings:
		$ = "golang.org/x/crypto/ssh"

	condition:
		all of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 52: Golang ssh package”

Pingback: Week 07 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

One thought on “100 Days of YARA – Day 52: Golang ssh package”

Leave a Reply Cancel reply