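# receive-data-on-socket.yml
#
# capa rule: flags code that reads data from a network socket.
# The nesting below is restored; this copy of the rule had lost all
# indentation, which flattens `meta` and `features` into top-level keys.
#
# Triage notes:
# - Matching is by API name only. A hit shows that the code can receive
#   socket data, which is common in benign software; use it together
#   with other capabilities, not as a verdict on its own.
# - APIs resolved at run time, or reached through higher-level
#   networking libraries, do not surface as these `api` features, so
#   the absence of a match does not prove the absence of socket reads.
rule:
  meta:
    name: receive data on socket
    namespace: communication/socket/receive
    # NOTE(review): the author entries did not survive in this copy;
    # restore them from the upstream rule before using this file.
    authors:
    # Unit each analysis flavor evaluates: a whole function for static
    # analysis, a single API call for dynamic (sandbox) traces.
    scopes:
      static: function
      dynamic: call
    # Malware Behavior Catalog mapping for this capability.
    mbc:
      - Communication::Socket Communication::Receive Data [C0001.006]
    # Reference sample and address; presumably the location where the
    # rule is expected to match (sample:address).
    examples:
      - Practical Malware Analysis Lab 01-01.dll_:0x10001010
  features:
    # Any single API below is sufficient for a match.
    - or:
        # Winsock receive calls (native Windows).
        - api: ws2_32.recv
        - api: ws2_32.recvfrom
        - api: ws2_32.WSARecv
        - api: ws2_32.WSARecvDisconnect
        # NOTE(review): Microsoft documents WSARecvEx as exported by
        # mswsock.dll; confirm how your capa version treats the module
        # prefix before relying on this entry.
        - api: ws2_32.WSARecvEx
        - api: ws2_32.WSARecvFrom
        # NOTE(review): WSARecvMsg is a Winsock extension function whose
        # pointer is obtained at run time through WSAIoctl
        # (SIO_GET_EXTENSION_FUNCTION_POINTER), so it is usually missing
        # from the import table; expect this entry to match mainly in
        # dynamic traces.
        - api: ws2_32.WSARecvMsg
        # Un-prefixed name; presumably covers imports that carry no
        # ws2_32 module name (for example non-Windows binaries).
        - api: recv
        # .NET System.Net.Sockets.Socket: synchronous and *Async methods.
        - api: System.Net.Sockets.Socket::Receive
        - api: System.Net.Sockets.Socket::ReceiveAsync
        - api: System.Net.Sockets.Socket::ReceiveFrom
        - api: System.Net.Sockets.Socket::ReceiveFromAsync
        - api: System.Net.Sockets.Socket::ReceiveMessageFrom
        - api: System.Net.Sockets.Socket::ReceiveMessageFromAsync
        # .NET Begin*/End* asynchronous pairs on the same class.
        - api: System.Net.Sockets.Socket::BeginReceive
        - api: System.Net.Sockets.Socket::BeginReceiveFrom
        - api: System.Net.Sockets.Socket::BeginReceiveMessageFrom
        - api: System.Net.Sockets.Socket::EndReceive
        - api: System.Net.Sockets.Socket::EndReceiveFrom
        - api: System.Net.Sockets.Socket::EndReceiveMessageFrom
        # Un-prefixed name, as with `recv` above.
        - api: recvmsg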