rule phoenix_html8 { meta: author = "Josh Berry" date = "2016-06-26" description = "Phoenix Exploit Kit Detection" hash0 = "1c19a863fc4f8b13c0c7eb5e231bc3d1" sample_filetype = "js-html" yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator" strings: $string0 = "0x5)).replace(/" $string1 = "%A%%A%%nc(,145,9,84037,1711,,4121,56,1,,0505,,651,,3,514101,01,29,7868,90" $string2 = "/gmi,String.fromCharCode(2" $string3 = "turt;oo)s" $string4 = "91;var jtdpar" $string5 = "R(,13,7,63,48140601,5057,,319,,6,1,1,2,,110,0,1011171,2319,,,,10vEAs)tfmneyeh%A%%A%%A%%A%s