08e8d462fe
RED PILL 🔴 💊
17 lines
623 B
Text
17 lines
623 B
Text
rule Worm_VBS_Uaper_B
|
|
{
|
|
meta:
|
|
description = "Example rule from blog"
|
|
author = "Xavier Mertens"
|
|
reference = "https://blog.rootshell.be/2012/06/20/cuckoomx-automating-email-attachments-scanning-with-cuckoo/"
|
|
strings:
|
|
$a0 = { 466f72204f353d3120546f204f332e41646472657373456e74726965732e436f756e74 }
|
|
$a1 = { 536574204f363d4f332e41646472657373456e7472696573284f3529 }
|
|
$a2 = { 4966204f353d31205468656e }
|
|
$a3 = { 4f342e4243433d4f362e41646472657373 }
|
|
$a4 = { 456c7365 }
|
|
$a5 = { 4f342e4243433d4f342e424343202620223b20222026204f362e41646472657373 }
|
|
|
|
condition:
|
|
$a0 and $a1 and $a2 and $a3 and $a4 and $a5
|
|
}
|