Open Th4nat0s opened 4 years ago
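// Rule to catch "intelligence" documents by agency-name strings in uploaded samples.
// Currently looks for NSA and Mossad references. NOTE: the rule is wrapped in a
// block comment in the source, i.e. it is disabled; a rule extractor that does not
// strip /* ... */ before its regex will pick it up as if it were live.
/*
rule catch_intelligence_files
{
    meta:
        author = "@abhinavbom"
        maltype = "NA"
        version = "0.1"
        date = "21/09/2015"
        description = "catch files"

    strings:
        // Agency names as they would appear in document metadata. These are
        // case-sensitive ASCII matches; metadata stored as UTF-16 (OLE property
        // streams) or inside a compressed OOXML/PDF stream will not match without
        // `wide` / prior decompression -- verify against real samples.
        $meta1 = "National Security Agency"
        $meta3 = "Israeli Secret Intelligence"

        // Loose file-type hints. These are plain substrings anywhere in the file,
        // so "doc" also fires on "docx", and "zip"/"rar"/"pdf" occur in many
        // unrelated files; a magic-byte check (e.g. uint32be(0)) would be a
        // tighter gate than these literals.
        $tag1 = "docx"
        $tag2 = "doc"
        $tag3 = "xls"
        $tag4 = "xlsx"   // was "xlxs", which is not a real extension (typo)
        $tag5 = "pdf"
        $tag6 = "zip"
        $tag7 = "rar"
        $tag8 = "xlsb"

    condition:
        // `$meta` / `$tag` alone name a single, undefined string and do not
        // compile; the wildcard form is needed to refer to the whole group.
        any of ($meta*) and any of ($tag*)
}
*/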
The rule extractor needs to strip multi-line comments (`/* ... */`) from the source before applying the rule-matching regex; otherwise a commented-out rule like the one above is extracted as if it were active.
/* ... */
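// Rule to catch "intelligence" documents by agency-name strings in uploaded samples.
// Currently looks for NSA and Mossad references. NOTE: the rule is wrapped in a
// block comment in the source, i.e. it is disabled; a rule extractor that does not
// strip /* ... */ before its regex will pick it up as if it were live.
/*
rule catch_intelligence_files
{
    meta:
        author = "@abhinavbom"
        maltype = "NA"
        version = "0.1"
        date = "21/09/2015"
        description = "catch files"

    strings:
        // Agency names as they would appear in document metadata. These are
        // case-sensitive ASCII matches; metadata stored as UTF-16 (OLE property
        // streams) or inside a compressed OOXML/PDF stream will not match without
        // `wide` / prior decompression -- verify against real samples.
        $meta1 = "National Security Agency"
        $meta3 = "Israeli Secret Intelligence"

        // Loose file-type hints. These are plain substrings anywhere in the file,
        // so "doc" also fires on "docx", and "zip"/"rar"/"pdf" occur in many
        // unrelated files; a magic-byte check (e.g. uint32be(0)) would be a
        // tighter gate than these literals.
        $tag1 = "docx"
        $tag2 = "doc"
        $tag3 = "xls"
        $tag4 = "xlsx"   // was "xlxs", which is not a real extension (typo)
        $tag5 = "pdf"
        $tag6 = "zip"
        $tag7 = "rar"
        $tag8 = "xlsb"

    condition:
        // `$meta` / `$tag` alone name a single, undefined string and do not
        // compile; the wildcard form is needed to refer to the whole group.
        any of ($meta*) and any of ($tag*)
}
*/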