Skip to content

R
rules
Switch branch/tag
Find file
BlameHistoryPermalink
MALW_PyPI.yar 322 Bytes
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 
rule MALW_FakePyPI
{
meta:
	description = "Identifies fake PyPI Packages."
	author = "@bartblaze"
	reference = "http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/"
	date = "2017-09"
	tlp = "white"

strings:	
	$ = "# Welcome Here! :)"
	$ = "# just toy, no harm :)"
	$ = "[0x76,0x21,0xfe,0xcc,0xee]"

condition:
	all of them
}