Home/CVE-2022-46169/YARA rules
YARA

YARA rules for CVE-2022-46169

1 rules · scoped to cve · back to CVE-2022-46169
YARA rules whose family, name, or description matches this cve or its tooling. Use these for binary-pattern hunts.

YARA rules

1 of 1
direct LOG
EXPL_LOG_Cacti_CommandInjection_CVE_2022_46169_Dec22_1
Detects potential exploitation attempts that target the Cacti Command Injection CVE-2022-46169
author Nasreddine Bencherchali license see source repo
view YARA rule 
rule EXPL_LOG_Cacti_CommandInjection_CVE_2022_46169_Dec22_1 {
   meta:
      description = "Detects potential exploitation attempts that target the Cacti Command Injection CVE-2022-46169"
      author = "Nasreddine Bencherchali"
      score = 70
      reference = "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf"
      date = "2022-12-27"
      id = "c799a419-87ed-55ea-8ebb-d4da901be4ad"
   strings:
      $xr1 = /\/remote_agent\.php.{1,300}(whoami|\/bin\/bash|\/bin\/sh|\bwget\b|powershell|cmd \/c|cmd\.exe \/c).{1,300} 200 / ascii
   condition:
      $xr1
}
Showing 1-1 of 1
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin