31 lines
836 B
Text
31 lines
836 B
Text
rule bleedinglife2_adobe_2010_2884_exploit
|
|
{
|
|
meta:
|
|
author = "Josh Berry"
|
|
date = "2016-06-26"
|
|
description = "BleedingLife2 Exploit Kit Detection"
|
|
hash0 = "b22ac6bea520181947e7855cd317c9ac"
|
|
sample_filetype = "unknown"
|
|
yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"
|
|
strings:
|
|
$string0 = "_autoRepeat"
|
|
$string1 = "embedFonts"
|
|
$string2 = "KeyboardEvent"
|
|
$string3 = "instanceStyles"
|
|
$string4 = "InvalidationType"
|
|
$string5 = "autoRepeat"
|
|
$string6 = "getScaleX"
|
|
$string7 = "RadioButton_selectedDownIcon"
|
|
$string8 = "configUI"
|
|
$string9 = "deactivate"
|
|
$string10 = "fl.controls:Button"
|
|
$string11 = "_mouseStateLocked"
|
|
$string12 = "fl.core.ComponentShim"
|
|
$string13 = "toString"
|
|
$string14 = "_group"
|
|
$string15 = "addRadioButton"
|
|
$string16 = "inCallLaterPhase"
|
|
$string17 = "oldMouseState"
|
|
condition:
|
|
17 of them
|
|
}
|