Sneed-Reactivity/yara-mikesxrs/phish me/rar_with_JS.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


/*
Description: Rar file with a .js inside
Author: iHeartMalware
Priority: 5
Scope: Against Attachment
Tags: http://phishme.com/rockloader-new-upatre-like-downloader-pushed-dridex-downloads-malwares/
Created in PhishMe Triage on April 7, 2016 3:41 PM
*/
rule rar_with_js
{
    strings:
        $h1 = "Rar!"        // first four bytes of the RAR signature
        $s1 = ".js" nocase  // matched anywhere in the file, not only in member names
    condition:
        $h1 at 0 and $s1
}
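
An added example, not part of the original rule or this repository: because `$s1` matches `.js` anywhere in the archive, a member named `config.json` or stray bytes in packed data also satisfy the rule. The Python below walks RAR4 (1.5-4.x) block headers and tests the stored member names instead. The function names and the sample archives are constructed for illustration; RAR5 and header-encrypted archives are not parsed.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"  # RAR 1.5-4.x marker; RAR5 has a different layout
FILE_HEAD, LONG_BLOCK, LHD_LARGE = 0x74, 0x8000, 0x0100

def rule_matches(data):
    """Same logic as rar_with_js: "Rar!" at offset 0 and ".js" anywhere (nocase)."""
    return data.startswith(b"Rar!") and b".js" in data.lower()

def rar4_member_names(data):
    """Walk RAR4 blocks and return the names stored in unencrypted file headers."""
    names, pos = [], len(RAR4_MAGIC)
    if not data.startswith(RAR4_MAGIC):
        return names
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data):
            break  # truncated or corrupt header: stop instead of guessing
        body = 0
        if htype == FILE_HEAD and hsize >= 32:
            body, = struct.unpack_from("<I", data, pos + 7)      # PACK_SIZE
            nlen, = struct.unpack_from("<H", data, pos + 26)     # NAME_SIZE
            start = pos + 32
            if flags & LHD_LARGE and hsize >= 40:                # 64-bit sizes
                high, = struct.unpack_from("<I", data, start)
                body, start = body | high << 32, start + 8
            raw = data[start:min(start + nlen, pos + hsize)]
            names.append(raw.split(b"\0")[0].decode("latin-1"))  # drop Unicode tail
        elif flags & LONG_BLOCK and hsize >= 11:
            body, = struct.unpack_from("<I", data, pos + 7)      # ADD_SIZE
        pos += hsize + body
    return names

def has_js_member(data):
    return any(n.lower().endswith(".js") for n in rar4_member_names(data))

def sample(name, payload):
    """Constructed RAR4-shaped bytes for the demo (CRCs zeroed, method 'store')."""
    main = struct.pack("<HBHH", 0, 0x73, 0, 13) + bytes(6)
    head = struct.pack("<HBHHIIBIIBBHI", 0, FILE_HEAD, LONG_BLOCK, 32 + len(name),
                       len(payload), len(payload), 0, 0, 0, 20, 0x30, len(name), 0)
    return RAR4_MAGIC + main + head + name + payload

if __name__ == "__main__":
    for name, payload in [(b"invoice.js", b"var a=1;"), (b"config.json", b"{}"),
                          (b"readme.txt", b"\x91.Js\x07")]:
        blob = sample(name, payload)
        print(name, rule_matches(blob), has_js_member(blob))
```

Only the first sample passes both checks; the other two satisfy the YARA condition without containing a `.js` member.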