create UDP socket

edit on GitHub
search on VirusTotal
rule:
  meta:
    name: create UDP socket
    namespace: communication/socket/udp/send
    authors:
      - moritz.raabe@mandiant.com
      - joakim@intezer.com
      - michael.hunhoff@mandiant.com
    scopes:
      static: basic block
      dynamic: call
    mbc:
      - Communication::Socket Communication::Create UDP Socket [C0001.010]
    examples:
      - 203BD48BCC18434314AD60F4C8BC21E3D3422EB0624B22B827410F9BC63B4082:0x401240
  features:
    - or:
      - and:
        - count(number(2 = AF_INET/SOCK_DGRAM)): 2 or more
        - or:
          - api: socket
          - api: ws2_32.socket
          - api: ws2_32.#23 = socket
          - api: ws2_32.WSASocket
          - api: ws2_32.#82 = WSASocketA
          - api: ws2_32.#83 = WSASocketW
          - api: System.Net.Sockets.Socket::ctor
      - api: System.Net.Sockets.UdpClient::ctor
last edited: 2024-04-23 12:20:28