/*
	Description: Rar file with a .js inside
	Author: iHeartMalware
	Priority: 5
	Scope: Against Attachment
	Tags: http://phishme.com/rockloader-new-upatre-like-downloader-pushed-dridex-downloads-malwares/
	Created in PhishMe Triage on April 7, 2016 3:41 PM
*/
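// Flags a file that starts with the RAR signature and contains the
// string ".js" (any case) anywhere in its bytes.
rule rar_with_js
{
    meta:
        description = "Rar file with a .js inside"

    strings:
        // First six bytes of the RAR marker block: "Rar!" 0x1A 0x07.
        // RAR 1.5-4.x continues with 00 and RAR 5 with 01 00, so this
        // prefix covers both while no longer matching arbitrary text
        // that merely begins with "Rar!".
        $h1 = { 52 61 72 21 1A 07 }

        // Unanchored three-byte match. It also hits longer extensions
        // such as ".json" or ".jsp" and can occur by chance inside
        // compressed data, so a hit is a triage signal, not proof that
        // a JavaScript member is present.
        // NOTE(review): member names are only visible to this string
        // when the archive headers are stored unencrypted.
        $s1 = ".js" nocase

    condition:
        // The signature must sit at offset 0; the ".js" string may
        // appear at any offset.
        $h1 at 0 and $s1
}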