Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_macos_manwhoami_icloudcontacts.yara

rule hacktool_macos_manwhoami_icloudcontacts
{
    meta:
        description = "Pulls iCloud Contacts for an account. No dependencies. No user notification."
        reference = "https://github.com/manwhoami/iCloudContacts"
        author = "@mimeframe"
    strings:
        $a1 = "https://setup.icloud.com/setup/authenticate/" wide ascii
        $a2 = "https://p04-contacts.icloud.com/" wide ascii
        $a3 = "HTTP Error 401: Unauthorized. Are you sure the credentials are correct?" wide ascii
        $a4 = "HTTP Error 404: URL not found. Did you enter a username?" wide ascii
    condition:
        3 of ($a*)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule hacktool_macos_manwhoami_icloudcontacts`
			`{`
			`meta:`
			`description = "Pulls iCloud Contacts for an account. No dependencies. No user notification."`
			`reference = "https://github.com/manwhoami/iCloudContacts"`
			`author = "@mimeframe"`
			`strings:`
			`$a1 = "https://setup.icloud.com/setup/authenticate/" wide ascii`
			`$a2 = "https://p04-contacts.icloud.com/" wide ascii`
			`$a3 = "HTTP Error 401: Unauthorized. Are you sure the credentials are correct?" wide ascii`
			`$a4 = "HTTP Error 404: URL not found. Did you enter a username?" wide ascii`
			`condition:`
			`3 of ($a*)`
			`}`