Commit 00750678 by mmorenog Committed by GitHub

Update and rename Blackhole_EK.yar to EK_Blackhole.yar

parent ca888720
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/ */
rule blackhole2_jar rule blackhole2_jar : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -29,7 +29,7 @@ strings: ...@@ -29,7 +29,7 @@ strings:
condition: condition:
13 of them 13 of them
} }
rule blackhole2_jar2 rule blackhole2_jar2 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -55,7 +55,7 @@ strings: ...@@ -55,7 +55,7 @@ strings:
condition: condition:
12 of them 12 of them
} }
rule blackhole2_jar3 rule blackhole2_jar3 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -81,7 +81,7 @@ strings: ...@@ -81,7 +81,7 @@ strings:
condition: condition:
12 of them 12 of them
} }
rule blackhole2_pdf rule blackhole2_pdf : EK PDF
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -113,7 +113,7 @@ strings: ...@@ -113,7 +113,7 @@ strings:
condition: condition:
18 of them 18 of them
} }
rule blackhole_basic : exploit_kit rule blackhole_basic : EK
{ {
strings: strings:
$a = /\.php\?\.*\?\:[a-zA-Z0-9\:]{6,}\&\.*\?\&/ $a = /\.php\?\.*\?\:[a-zA-Z0-9\:]{6,}\&\.*\?\&/
...@@ -146,7 +146,7 @@ strings: ...@@ -146,7 +146,7 @@ strings:
condition: condition:
12 of them 12 of them
} }
rule blackhole2_css rule blackhole2_css : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -168,7 +168,7 @@ strings: ...@@ -168,7 +168,7 @@ strings:
condition: condition:
18 of them 18 of them
} }
rule blackhole2_htm rule blackhole2_htm : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -204,7 +204,7 @@ strings: ...@@ -204,7 +204,7 @@ strings:
condition: condition:
14 of them 14 of them
} }
rule blackhole2_htm10 rule blackhole2_htm10 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -241,7 +241,7 @@ strings: ...@@ -241,7 +241,7 @@ strings:
condition: condition:
15 of them 15 of them
} }
rule blackhole2_htm11 rule blackhole2_htm11 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -274,7 +274,7 @@ strings: ...@@ -274,7 +274,7 @@ strings:
condition: condition:
11 of them 11 of them
} }
rule blackhole2_htm12 rule blackhole2_htm12 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -310,7 +310,7 @@ strings: ...@@ -310,7 +310,7 @@ strings:
condition: condition:
14 of them 14 of them
} }
rule blackhole2_htm3 rule blackhole2_htm3 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -329,7 +329,7 @@ strings: ...@@ -329,7 +329,7 @@ strings:
condition: condition:
3 of them 3 of them
} }
rule blackhole2_htm4 rule blackhole2_htm4 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -359,7 +359,7 @@ strings: ...@@ -359,7 +359,7 @@ strings:
condition: condition:
8 of them 8 of them
} }
rule blackhole2_htm5 rule blackhole2_htm5 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -393,7 +393,7 @@ strings: ...@@ -393,7 +393,7 @@ strings:
condition: condition:
12 of them 12 of them
} }
rule blackhole2_htm6 rule blackhole2_htm6 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
...@@ -423,7 +423,7 @@ strings: ...@@ -423,7 +423,7 @@ strings:
condition: condition:
8 of them 8 of them
} }
rule blackhole2_htm8 rule blackhole2_htm8 : EK
{ {
meta: meta:
author = "Josh Berry" author = "Josh Berry"
......
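Review bot: On `blackhole_basic` the existing tag is replaced rather than extended (`exploit_kit` becomes `EK`), so any scan job that filters on the old tag, for example with `yara -t exploit_kit`, will silently stop reporting this rule. Keeping both during a transition, `rule blackhole_basic : EK exploit_kit`, or stating the tag rename in the commit description, would avoid an unnoticed detection gap. Separately, in the same rule's unchanged `$a` pattern, `\.*\?` matches a run of literal dots followed by a literal `?`, which looks like an over-escaped `.*?`; if that is the case the string is much narrower than intended and is worth correcting while the rule is being touched. The rule's condition and remaining strings are outside the visible hunk, so the effect on matching should be confirmed against the full file. Tagging is also uneven: only `blackhole2_pdf` receives a file-type tag (`PDF`), while the jar, css and htm rules get `EK` alone.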