Skip to main content
StickySolved

Test question topic for reply count 1

  • January 7, 2025
  • 19 replies
  • 233 views
N
Forum|alt.badge.img+1

Test question topic for reply count 1 

Best answer by sudhanshu_sabharwal

kdsmcklsmd

    19 replies

    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    kjkk

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    ewr

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    dswefrwe

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    fgbfd

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    sfsdfz

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    fdvdsfv

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    dewd

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    dfsvgdsfg

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    fsfd

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    Here

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    njknjk

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    jnhjh

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    lkmkljm

    Gainsight Product manager
    sudhanshu_sabharwal
    Forum|alt.badge.img+2

    ,mnmn

    Gainsight Product manager
      sudhanshu_sabharwal
      Forum|alt.badge.img+2

      Hello!!!

      Gainsight Product manager
        sudhanshu_sabharwal
        Forum|alt.badge.img+2

        rfet

        Gainsight Product manager
        sudhanshu_sabharwal
        Forum|alt.badge.img+2

        fdsdf

        Gainsight Product manager
        sudhanshu_sabharwal
        Forum|alt.badge.img+2

        kdsmcklsmd

        Gainsight Product manager
        sudhanshu_sabharwal
        Forum|alt.badge.img+2
        rule InvisiDoor_Backdoor : backdoor windows
        {
            meta:
                description = "Identifies the InvisiDoor stealth backdoor malware."
                author = "AI Security Bot"
                date = "2025-11-06"
                version = "1.0"
                severity = "High"

            strings:
                // Text string often used in the malware's command-and-control communication
                $c2_ip = "192.168.42.10" fullword ascii

                // Unique mutex name the malware creates to ensure only one instance runs
                $mutex = "InvisiDoor_Global_Mutex_01" wide ascii

                // A specific sequence of binary instructions (hex pattern) in the code
                // '??' represents a wildcard (any single byte)
                $code_pattern = { 55 8B EC 83 E4 F8 FF 75 ?? 6A 00 }

                // A regular expression to find an obfuscated configuration file path
                $config_regex = /%APPDATA%\\Roaming\\[a-z]{4}\.dat/ nocase

            condition:
                // The file must contain the unique mutex string ($mutex)
                // AND it must contain either the C2 IP ($c2_ip) OR the code pattern ($code_pattern)
                // AND the file size must be between 10 KB and 500 KB
                $mutex and ($c2_ip or $code_pattern) and filesize > 10KB and filesize < 500KB
        }

        ewdwe

        Gainsight Product manager
        Terms & ConditionsAccessibility statement
        /* Note: We recommend inviting a professional web developer to work with custom code. Test your code on a staging environment before publishing. If you do not have access to a developer, inSided can provide Professional Services - please reach out to support@insided.com */
        Custom code