A combined C2 and malware scanning service focused on the early identification, analysis, and reporting of malicious packages on the Python Package Index
Create a yara weighting system, whereby a 'match' for a rule is given a 'score', and packages are only flagged as malicious when they exceed this threshold.
```yara
rule battleb0t_stealer {
    meta:
        description = "Battleb0t Stealer."
        author = "Syrup"
        reference = ""
        os = "windows"
        weight = 3
    strings:
        $substr1 = "kekwltd.ru"
    condition:
        any of them
}
```
It is my recommendation that we implement a 'weight' function as shown above, where weight is any positive integer, and the score of each instance of a match is summed to assess a package's overall score.
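One way the proposed scoring could be wired up, as an added example rather than code from this project: each rule match contributes the rule's `weight` meta, the contributions of every match instance across the package's files are summed, and the package is flagged only when the total is strictly above a threshold. yara-python exposes the rule's meta on each `Match` as `match.meta` and the rule name as `match.rule`, so the stand-in `RuleHit` class below mirrors just those two attributes to keep the example runnable offline. The default weight of 1, the threshold of 5, the `base64_exec` rule and the sample file layout are assumptions for illustration.

```python
"""Weighted YARA verdicts for a package: sum the 'weight' meta of every rule
match across the package's files and flag the package only when the total
exceeds a threshold. Added example; the default weight, threshold, the
'base64_exec' rule and the file paths are assumptions."""
from dataclasses import dataclass, field
from typing import Any, Dict, Iterable, List, Mapping, Tuple

DEFAULT_WEIGHT = 1     # assumption: a rule with no 'weight' meta scores 1
FLAG_THRESHOLD = 5     # assumption: flag when the total is strictly above this


@dataclass
class RuleHit:
    """Stand-in for a yara-python Match: the two attributes used here
    (.rule and .meta) have the same names and types as the real ones."""
    rule: str
    meta: Mapping[str, Any] = field(default_factory=dict)


def rule_weight(meta: Mapping[str, Any], default: int = DEFAULT_WEIGHT) -> int:
    """Read the positive-integer 'weight' meta; reject anything else so a
    mistyped rule fails loudly instead of silently contributing nothing."""
    raw = meta.get("weight", default)
    # yara-python returns integer meta as int; a string or bool is a rule bug
    if isinstance(raw, bool) or not isinstance(raw, int) or raw <= 0:
        raise ValueError(f"weight must be a positive integer, got {raw!r}")
    return raw


@dataclass
class Verdict:
    score: int
    threshold: int
    contributions: Dict[str, int]   # rule name -> summed weight over all hits
    hits: List[Tuple[str, str]]     # (file path, rule name) for the report

    @property
    def malicious(self) -> bool:
        return self.score > self.threshold


def assess_package(file_hits: Mapping[str, Iterable[RuleHit]],
                   threshold: int = FLAG_THRESHOLD) -> Verdict:
    """Score a package from per-file match lists. Every match instance counts,
    so the same rule firing in two files contributes its weight twice."""
    contributions: Dict[str, int] = {}
    hits: List[Tuple[str, str]] = []
    for path, matches in file_hits.items():
        for m in matches:
            w = rule_weight(m.meta)
            contributions[m.rule] = contributions.get(m.rule, 0) + w
            hits.append((path, m.rule))
    return Verdict(sum(contributions.values()), threshold, contributions, hits)


def scan_files_with_yara(rule_source: str, files: Mapping[str, bytes],
                         threshold: int = FLAG_THRESHOLD) -> Verdict:
    """Same scoring over real yara-python matches (requires the 'yara'
    package, so it is not exercised offline). Match.meta is the rule's meta."""
    import yara  # yara-python
    rules = yara.compile(source=rule_source)
    return assess_package(
        {path: rules.match(data=data) for path, data in files.items()},
        threshold,
    )


if __name__ == "__main__":
    # Constructed sample: hits shaped like what yara-python would return
    stealer = {"description": "Battleb0t Stealer.", "weight": 3}
    exec_b64 = {"description": "base64 + exec", "weight": 2}   # hypothetical rule
    verdict = assess_package({
        "setup.py": [RuleHit("battleb0t_stealer", stealer),
                     RuleHit("base64_exec", exec_b64)],
        "pkg/__init__.py": [RuleHit("battleb0t_stealer", stealer)],
    })
    print(verdict.score, verdict.malicious, verdict.contributions)
```

Two decisions worth making explicit before adopting a scheme like this: whether "exceed" means strictly greater than the threshold (as here) or greater-or-equal, and whether a rule that fires in several files of one package should count once or once per file. The example counts every instance, which matches the wording above but means a low-weight noisy rule can push a large package over the line on its own.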