Sneed-Reactivity/yara-mikesxrs/xme/Worm_VBS_Uaper_B.yar

rule Worm_VBS_Uaper_B
{
meta:
    description = "Example rule from blog"
    author = "Xavier Mertens"
    reference = "https://blog.rootshell.be/2012/06/20/cuckoomx-automating-email-attachments-scanning-with-cuckoo/"
strings:
  $a0 = { 466f72204f353d3120546f204f332e41646472657373456e74726965732e436f756e74 }
  $a1 = { 536574204f363d4f332e41646472657373456e7472696573284f3529 }
  $a2 = { 4966204f353d31205468656e }
  $a3 = { 4f342e4243433d4f362e41646472657373 }
  $a4 = { 456c7365 }
  $a5 = { 4f342e4243433d4f342e424343202620223b20222026204f362e41646472657373 }

condition:
  $a0 and $a1 and $a2 and $a3 and $a4 and $a5
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule Worm_VBS_Uaper_B`
			`{`
			`meta:`
			`description = "Example rule from blog"`
			`author = "Xavier Mertens"`
			`reference = "https://blog.rootshell.be/2012/06/20/cuckoomx-automating-email-attachments-scanning-with-cuckoo/"`
			`strings:`
			`$a0 = { 466f72204f353d3120546f204f332e41646472657373456e74726965732e436f756e74 }`
			`$a1 = { 536574204f363d4f332e41646472657373456e7472696573284f3529 }`
			`$a2 = { 4966204f353d31205468656e }`
			`$a3 = { 4f342e4243433d4f362e41646472657373 }`
			`$a4 = { 456c7365 }`
			`$a5 = { 4f342e4243433d4f342e424343202620223b20222026204f362e41646472657373 }`

			`condition:`
			`$a0 and $a1 and $a2 and $a3 and $a4 and $a5`
			`}`