connect UDP socket

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: connect UDP socket
    namespace: communication/socket/udp
    authors:
      - mrhafizfarhad@gmail.com
    description: Detects UDP socket connections by combining UDP socket creation with connection attempts.
    scopes:
      static: function
      dynamic: span of calls
    mbc:
      - Communication::Socket Communication::UDP Client [C0001.013]
    examples:
      - 368239d36d221d8877a07ab6799e643a.elf_:0x20011E9
  features:
    - and:
      - match: create UDP socket
      - match: connect socket

last edited: 2025-03-10 20:38:43