Sneed-Reactivity/yara-mikesxrs/bluecoat/InceptionBlackberry.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


/*
 * InceptionBlackberry
 *
 * Content-only string signature published by Blue Coat Systems and attributed
 * in its own metadata to the "Inception" actors (see `reference`).
 *
 * Matching notes for anyone deploying this rule:
 *   - There is no file-type, magic-byte or filesize guard, so the condition is
 *     evaluated against any object that is scanned.
 *   - Every string is plain, case-sensitive ASCII (no `wide`, no `nocase`);
 *     UTF-16 or differently-cased copies of these strings will not match.
 *   - Either string group firing on its own is enough for a hit.
 */
rule InceptionBlackberry
{
    meta:
        author = "Blue Coat Systems, Inc"
        info = "Used by unknown APT actors: Inception"
        reference = "https://www.bluecoat.com/documents/download/638d602b-70f4-4644-aaad-b80e1426aad4/d5c87163-e068-440f-b89e-e40b2f8d2088"

    strings:
        // Group A: four label-like strings, all required together.
        // NOTE(review): these look like field labels for collected device
        // details - confirm against the referenced report.
        $a1 = "POSTALCODE:" ascii
        $a2 = "SecurityCategory:" ascii
        $a3 = "amount of free flash:" ascii
        $a4 = "$071|'1'|:" ascii

        // Group B: two identifiers, both required together.
        // NOTE(review): with only two short strings this branch is the one to
        // watch for false positives when scanning large, mixed corpora.
        $b1 = "God_Save_The_Queen" ascii
        $b2 = "UrlBlog" ascii

    condition:
        // A hit needs one complete group; partial matches in both groups
        // do not satisfy the rule.
        (all of ($a*))
        or
        (all of ($b*))
}