Sneed-Reactivity/yara-mikesxrs/unknown/AutoIt_Script.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


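rule AutoIt_Script {
    meta:
        description = "AutoIt Script - used by attackers"
    strings:
        // #include directives for AutoIt include files (FTP and WinAPI helpers).
        // Text strings are matched case-sensitively (no nocase modifier).
        $keyword1 = "#include <FTPEX.au3>"
        $keyword2 = "#include <updateftp.au3>"
        $keyword3 = "#include <WinAPI.au3>"
        // Global variables holding the FTP server and user settings
        $keyword4 = "Global $FTPServer" fullword
        $keyword5 = "Global $FTPUser" fullword
        // Assignment from an _FTP_Connect call
        $keyword6 = "= _FTP_Connect"
    condition:
        // A single hit is enough, so the WinAPI include alone triggers a match;
        // treat a hit as a triage signal rather than a verdict.
        1 of ($keyword*)
}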