Yara Rule For EITEST Fake Chrome Popup
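/*
 * Matches three JavaScript fragments that the rule's author associates with
 * the EITest "fake Chrome popup" page injection. All three must be present.
 *
 * Operational notes:
 *   - The strings are literal text, so the rule only fires on content that
 *     has already been decoded (e.g. a decompressed HTTP response body).
 *     Scripts that are re-spaced, minified differently or obfuscated will
 *     not match.
 *   - $d was shortened: the published rule ended it with a character that
 *     the hosting page rendered as U+FFFD (the Unicode replacement
 *     character), so the original byte sequence is not recoverable from the
 *     page and the literal U+FFFD bytes would be unlikely to match a real
 *     sample. The stable prefix is kept; restore the full string once it has
 *     been confirmed against a sample.
 */
rule EITest_FakeChromePopup
{
    meta:
        description = "EITest Fake Chrome Popup"
        ref = "http://blog.rz.my/2017/02/yara-rule-for-eitest-fake-chrome-popup.html"
        // Address is masked by the hosting page's e-mail protection; kept as published.
        author = "[email protected]"
        version = "1"

    strings:
        // Browser fingerprint: true only when the Chrome-specific
        // window.chrome.webstore object is present.
        $a = "(!!window.chrome && !!window.chrome.webstore)" nocase

        // Percent-encoded regex literal; it decodes to /[^<>\\n\\s]/igm and
        // is assigned to `search`, which $d shows being passed to eval().
        $c = "search=unescape('%2F%5B%5E%3C%3E%5C%5C%6E%5C%5C%73%5D%2F%69%67%6D')" nocase

        // Replacement call that applies the eval()'d pattern to each entry
        // of `result`. Ends at the opening quote of the replacement argument
        // (see the note on $d in the header comment).
        $d = "result[i].replace(eval(search),'" nocase

    condition:
        all of them
}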
Reference for project https://github.com/RamadhanAmizudin/python-icap-yara