-
Notifications
You must be signed in to change notification settings - Fork 21
/
blackhole2_htm5.yar
34 lines (34 loc) · 1.05 KB
/
blackhole2_htm5.yar
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
rule blackhole2_htm5
{
meta:
author = "Josh Berry"
date = "2016-06-27"
description = "BlackHole2 Exploit Kit Detection"
hash0 = "fccb8f71663620a5a8b53dcfb396cfb5"
hash1 = "a09bcf1a1bdabe4e6e7e52e7f8898012"
hash2 = "40db66bf212dd953a169752ba9349c6a"
hash3 = "25a87e6da4baa57a9d6a2cdcb2d43249"
hash4 = "6f4c64a1293c03c9f881a4ef4e1491b3"
hash0 = "fccb8f71663620a5a8b53dcfb396cfb5"
hash2 = "40db66bf212dd953a169752ba9349c6a"
hash7 = "4bdfff8de0bb5ea2d623333a4a82c7f9"
hash8 = "b43b6a1897c2956c2a0c9407b74c4232"
sample_filetype = "js-html"
yaragenerator = "https://github.com/Xen0ph0n/YaraGenerator"
strings:
$string0 = "ruleEdit.php"
$string1 = "domains.php"
$string2 = "menu.php"
$string3 = "browsers_stat.php"
$string4 = "Index of /library/templates"
$string5 = "/icons/unknown.gif"
$string6 = "browsers_bstat.php"
$string7 = "oses_stat.php"
$string8 = "exploits_bstat.php"
$string9 = "block_config.php"
$string10 = "threads_bstat.php"
$string11 = "browsers_bstat.php"
$string12 = "settings.php"
condition:
12 of them
}