Sneed-Reactivity/yara-mikesxrs/phish me/PM_outlook_setting_pdf_exe.yar

rule PM_outlook_setting_pdf_exe

{
meta:
	author="R.Tokazowski"
	company="PhishMe, Inc."
	URL="http://phishme.com/evolution-upatre-dyre/"

strings:
	$a1 = "PK"
	$a2 = "outlook_setting_pdf.exe"

condition:
	$a1 at 0 and $a2

}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule PM_outlook_setting_pdf_exe`

			`{`
			`meta:`
			`author="R.Tokazowski"`
			`company="PhishMe, Inc."`
			`URL="http://phishme.com/evolution-upatre-dyre/"`

			`strings:`
			`$a1 = "PK"`
			`$a2 = "outlook_setting_pdf.exe"`

			`condition:`
			`$a1 at 0 and $a2`

			`}`