Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
rules
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
rules
Commits
00750678
Commit
00750678
authored
Jul 20, 2016
by
mmorenog
Committed by
GitHub
Jul 20, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update and rename Blackhole_EK.yar to EK_Blackhole.yar
parent
ca888720
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
15 additions
and
15 deletions
+15
-15
EK_Blackhole.yar
Exploit-Kits/EK_Blackhole.yar
+15
-15
No files found.
Exploit-Kits/
Blackhole_EK
.yar
→
Exploit-Kits/
EK_Blackhole
.yar
View file @
00750678
...
...
@@ -2,7 +2,7 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
rule blackhole2_jar
rule blackhole2_jar
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -29,7 +29,7 @@ strings:
condition:
13 of them
}
rule blackhole2_jar2
rule blackhole2_jar2
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -55,7 +55,7 @@ strings:
condition:
12 of them
}
rule blackhole2_jar3
rule blackhole2_jar3
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -81,7 +81,7 @@ strings:
condition:
12 of them
}
rule blackhole2_pdf
rule blackhole2_pdf
: EK PDF
{
meta:
author = "Josh Berry"
...
...
@@ -113,7 +113,7 @@ strings:
condition:
18 of them
}
rule blackhole_basic :
exploit_kit
rule blackhole_basic :
EK
{
strings:
$a = /\.php\?\.*\?\:[a-zA-Z0-9\:]{6,}\&\.*\?\&/
...
...
@@ -146,7 +146,7 @@ strings:
condition:
12 of them
}
rule blackhole2_css
rule blackhole2_css
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -168,7 +168,7 @@ strings:
condition:
18 of them
}
rule blackhole2_htm
rule blackhole2_htm
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -204,7 +204,7 @@ strings:
condition:
14 of them
}
rule blackhole2_htm10
rule blackhole2_htm10
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -241,7 +241,7 @@ strings:
condition:
15 of them
}
rule blackhole2_htm11
rule blackhole2_htm11
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -274,7 +274,7 @@ strings:
condition:
11 of them
}
rule blackhole2_htm12
rule blackhole2_htm12
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -310,7 +310,7 @@ strings:
condition:
14 of them
}
rule blackhole2_htm3
rule blackhole2_htm3
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -329,7 +329,7 @@ strings:
condition:
3 of them
}
rule blackhole2_htm4
rule blackhole2_htm4
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -359,7 +359,7 @@ strings:
condition:
8 of them
}
rule blackhole2_htm5
rule blackhole2_htm5
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -393,7 +393,7 @@ strings:
condition:
12 of them
}
rule blackhole2_htm6
rule blackhole2_htm6
: EK
{
meta:
author = "Josh Berry"
...
...
@@ -423,7 +423,7 @@ strings:
condition:
8 of them
}
rule blackhole2_htm8
rule blackhole2_htm8
: EK
{
meta:
author = "Josh Berry"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
