A benchmark_test/sparkling.yara => benchmark_test/sparkling.yara +14 -0
@@ 0,0 1,14 @@
+
+rule Sparkling_goblin_linux
+{
+ meta:
+ author = "Paula de la Hoz"
+ description = "Detecting linux samples from Sparkling Goblin, based on https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/."
+ created_date = "2022-09-27"
+ strings:
+ $func1 = "ScheduledCtrl9UpdateJobERK"
+ $func2 = "InterfaceSpeedTester9Calc"
+ $func3 = "ScanHardwareInfoPSt"
+ condition:
+ any of them
+}
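Review bot: The condition `any of them` matches a file of any type that contains just one of three short symbol fragments, with no ELF check and no size bound, so the rule will also fire on text files, write-ups or other rule files that quote these strings. For a rule described as detecting Linux samples, anchor it to the ELF magic and require more than one string, e.g. `uint32(0) == 0x464c457f and 2 of ($func*)`, optionally with a `filesize` ceiling derived from the real samples. The fixture added in samples/mysample4.elf appears to be plain text rather than an ELF, so it would stop matching under the tightened condition; if the loose match is intentional for benchmarking, say so in `description`. Moving the URL into its own `reference` meta field would also make hits easier to triage.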
A rakudo_installation_help.md => rakudo_installation_help.md +17 -0
@@ 0,0 1,17 @@
+# HELP
+
+In case simple rakudo instalation doesn work try the following, from the [official documentation](https://rakudo.org/star/source). I'm speaking about Linux Bedian based, if you use anything else, you need to look for the specifications.
+
+```
+sudo apt-get install build-essential git libssl-dev
+mkdir ~/rakudo && cd $_
+curl -LJO https://rakudo.org/latest/star/src
+tar -xzf rakudo-star-*.tar.gz
+mv rakudo-star-*/* .
+rm -fr rakudo-star-*
+
+./bin/rstar install
+
+echo "export PATH=$(pwd)/bin:$(pwd)/share/perl6/site/bin:$(pwd)/share/perl6/vendor/bin:$(pwd)/share/perl6/core/bin:\$PATH" >> ~/.bashrc
+source ~/.bashrc
+```
A samples/mysample4.elf => samples/mysample4.elf +9 -0
@@ 0,0 1,9 @@
+InoauwgdialgfterfaceSpeedTester9Calcregegeaeargku ScheduledCtrl9UpdateJobERKsvzawde sfsqeqeDA ScanHardwareInfoPStaswaw
+DAWFAWRASewfwaf ScanHardwareInfoPStwaara
+InterfaceSpeedTester9CalcInterfaceSpeedTester9Calcdzjvg
+ScanHardwareInfoPSt
+abcdatvkykv123ajyegxyz
+abcScheduledCtrl9UpdateJobERKdef
+abcInterfaceSpeedTester9Calcdef
+abcScanHardwareInfoPStdef
+InterfaceSpeedTester9Calc