Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/codewatchorg/angler_js.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

31 lines
1 KiB
Text
Raw Blame History

rule angler_js
{
meta:
author = "Josh Berry"
date = "2016-06-26"
description = "Angler Exploit Kit Detection"
hash0 = "482d6c24a824103f0bcd37fa59e19452"
sample_filetype = "js-html"
yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"
strings:
$string0 = " 2654435769, Be"
$string1 = "DFOMIqka "
$string2 = ", Zydr$>>16"
$string3 = "DFOMIqka( 'OPPj_phuPuiwzDFo')"
$string4 = "U0BNJWZ9J0vM43TnlNZcWnZjZSelQZlb1HGTTllZTm19emc0dlsYF13GvhQJmTZmbVMxallMdhWW948YWi t P b50GW"
$string5 = " auSt;"
$string6 = " eval (NDbMFR "
$string7 = "jWUwYDZhNVyMI2TzykEYjWk0MDM5MA%ZQ1TD1gEMzj 3 D ',"
$string8 = "('fE').substr (2 , 1 "
$string9 = ", -1 "
$string10 = " ) );Zydr$ [ 1]"
$string11 = " 11;PsKnARPQuNNZMP<9;PsKnARPQuNNZMP"
$string12 = "new Array (2), Ykz"
$string13 = "<script> "
$string14 = "); CYxin "
$string15 = "Zydr$ [ 1]"
$string16 = "var tKTGVbw,auSt, vnEihY, gftiUIdV, XnHs, UGlMHG, KWlqCKLfCV;"
$string17 = "reXKyQsob1reXKyQsob3 "
condition:
17 of them
}
Reference in a new issue View git blame Copy permalink