Sneed-Reactivity/yara-mikesxrs/codewatchorg/phoenix_html6.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

31 lines
1 KiB
Text

rule phoenix_html6
{
meta:
author = "Josh Berry"
date = "2016-06-26"
description = "Phoenix Exploit Kit Detection"
hash0 = "4aabb710cf04240d26c13dd2b0ccd6cc"
sample_filetype = "js-html"
yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"
strings:
$string0 = "F4B6B2E67)A780A373A633;ast2316363677fa'es6F3635244"
$string1 = "piia.a}rneecc.cnuoir"
$string2 = "0448D5A54BE10A5DA628100AC3F3D53C9CAEBFF7E1E805080B044057CB1C0EF7F263DC64E0CBE47C2A21E55E9EA620000106"
$string3 = "],enEn..o"
$string4 = "o;1()sna"
$string5 = "(eres(0.,"
$string6 = "}fs2he}o.t"
$string7 = "f'u>jisch3;)Ie)C'eO"
$string8 = "refhiacei"
$string9 = "0026632528(sCE7A2684067F98BEC1s00000F512Fm286631666"
$string10 = "vev%80b4u%ee18u%28b8u%2617u%5c08u%0e50u%a000u%9006u%76efu%b1cbu%ba2fu%6850u%0524u%9720u%f70<}1msa950"
$string11 = "pdu,xziien,ie"
$string12 = "rr)l;.)vr.nbl"
$string13 = "ii)ruccs)1e"
$string14 = "F30476737930anD<tAhnhxwet"
$string15 = ")yf{(ee..erneef"
$string16 = "ieiiXuMkCSwetEet"
$string17 = "F308477E7A7itme"
condition:
17 of them
}