As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.
- Not recommended for deployment in a production network of any kind without internal testing.
- Not a solution to any vulnerability.
- Not an official supported Palo Alto Networks signature.
This write-up is intended to help the Palo Alto Networks community detect a specific Linux ELF sample, used here as the example.
The sample signature was created on PAN-OS version 7.0.x:
Fill out the appropriate fields under the Configuration tab.
Choose the Standard option from the radio button and click Add to create a signature.
Since we only have one condition, it doesn't matter whether we choose the 'and' or 'or' condition.
Within the ELF file we are looking for a particular pattern of hex values. Make sure to choose the context type file-elf-body.
Below is a threat log that is triggered by this signature.
A sample XML signature is attached to this document.
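Before building the signature, it is worth confirming that the chosen hex pattern is present in the sample and absent from known-good ELF binaries (the internal testing the disclaimer above asks for). The following is an added Python example, not part of the original post and not PAN-OS code: it approximates the file-elf-body context by matching only on bytes after the fixed ELF header (an assumption, not the PAN-OS definition), and the hex pattern and the ELF-like files it scans are constructed placeholders.

```python
from typing import List

ELF_MAGIC = b"\x7fELF"

def is_elf(data: bytes) -> bool:
    """True if the buffer starts with the ELF magic bytes 7f 45 4c 46."""
    return len(data) >= 5 and data[:4] == ELF_MAGIC

def elf_header_len(data: bytes) -> int:
    """Fixed ELF header size from EI_CLASS: 52 bytes for ELF32, 64 for ELF64."""
    return 52 if data[4] == 1 else 64

def find_pattern(data: bytes, pattern_hex: str) -> List[int]:
    """Offsets of every occurrence of the hex pattern in the ELF body.

    Approximation of the file-elf-body context (assumption, not the PAN-OS
    definition): non-ELF input never matches, and bytes inside the fixed
    header are skipped, so a pattern that only occurs there is not a hit.
    """
    if not is_elf(data):
        return []
    needle = bytes.fromhex(pattern_hex)
    hits: List[int] = []
    idx = data.find(needle, elf_header_len(data))
    while idx != -1:
        hits.append(idx)
        idx = data.find(needle, idx + 1)
    return hits

def build_sample(body: bytes, header_tail: bytes = b"", elf64: bool = True) -> bytes:
    """Constructed minimal ELF-like file: magic, EI_CLASS, optional bytes in the
    header padding, zero-fill to the header size, then the body."""
    size = 64 if elf64 else 52
    header = (ELF_MAGIC + bytes([2 if elf64 else 1]) + header_tail).ljust(size, b"\x00")
    return header + body

# Constructed placeholder pattern; the real pattern from the post is not reproduced here.
PATTERN_HEX = "deadbeefcafe"
MALICIOUS = build_sample(b"\x90" * 16 + bytes.fromhex(PATTERN_HEX) + b"/tmp/.x\x00")
BENIGN = build_sample(b"\x90" * 16 + b"hello world\x00")
HEADER_ONLY = build_sample(b"\x90" * 16, header_tail=b"\x00" * 3 + bytes.fromhex(PATTERN_HEX))

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS), ("benign", BENIGN), ("header-only", HEADER_ONLY)):
        print(f"{name}: hits at {find_pattern(blob, PATTERN_HEX)}")
```

Run the scan over a directory of trusted ELF binaries as well; any hit there means the pattern is too short or too common to use on its own.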