File:Yara Signature of PAS TOOL PHP WEB KIT.png

Yara signature of PAS_TOOL_PHP_WEB_KIT, also known as Grizzly Steppe according to the U.S. Department of Homeland Security


 * Yara Signature
 * rule PAS_TOOL_PHP_WEB_KIT
 * meta:
 * description = "PAS TOOL PHP WEB KIT FOUND"
 * strings:
 * $php = " 20KB and filesize < 22KB) and
 * #cookie == 2 and
 * #isset == 3 and
 * all of them
 * }
 * }


 * Source
 * GRIZZLY STEPPE – Russian Malicious Cyber Activity - US-CERT, December 29, 2016
 * JAR_16-20296A_GRIZZLY STEPPE-2016-1229.pdf - Report as PDF file