Sneed-Reactivity/yara-mikesxrs/EmersonElectricCo/ft_gzip.yara

15 lines
243 B
Text
Raw Normal View History

rule ft_gzip
{
meta:
author = "Jason Batchelor"
company = "Emerson"
lastmod = "20151116"
desc = "Trigger on magic of GZip compressed files"
strings:
$magic = { 1f 8b 08 }
condition:
$magic at 0
}