Commit 25ddfa49 by j0sm1

Merge pull request #85 from plutec/master

Added ruleset to detect a type of scam
parents f4341bde ce12e9fa
This Yara ruleset is under the GNU-GPLv2 license ( and open to any user or organization, as
long as you use it under this license.
rule content {
author = "A.Sanchez <>"
description = "Detects scam emails with phishing attachment."
test1 = "email/eml/transferencia1.eml"
test2 = "email/eml/transferencia2.eml"
$subject = "Asunto: Justificante de transferencia" nocase
$body = "Adjunto justificante de transferencia"
all of them
rule attachment {
author = "A.Sanchez <>"
description = "Detects scam emails with phishing attachment."
test1 = "email/eml/transferencia1.eml"
test2 = "email/eml/transferencia2.eml"
$filename = "filename=\"scan001.pdf.html\""
$pleaseEnter = "NTAlNkMlNjUlNjElNzMlNjUlMjAlNjUlNkUlNzQlNjUlNzIlMjAlN" // Please enter
$emailReq = "NkQlNjUlNkUlNzQlMkUlNjklNkUlNjQlNjUlNzglMzIlMkUlNDUlNkQlNjElNjklNkMlM0I" // ment.index2.Email;
$pAssign = "NzAlMjAlM0QlMjAlNjQlNkYlNjMlNzUlNkQlNjUlNkUlNzQlMkUlNjklNkUlNjQlNjUl" // p = document.inde
all of them
\ No newline at end of file
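Review bot: The rule names `content` and `attachment` are generic enough to collide with other rule identifiers once this file is included alongside the rest of the ruleset, and nothing in them ties the rules to this campaign; a prefixed name per rule (hypothetical example: `scam_transferencia_content`) would avoid that. Both rules also carry the same description, "Detects scam emails with phishing attachment.", although one matches subject and body text and the other matches the attachment, so each description should say which part it covers. In `attachment`, `$pleaseEnter`, `$emailReq` and `$pAssign` are fixed base64 fragments, so they match only when the encoded payload keeps the same 3-byte alignment as in the two test samples; say so in a comment, or match the decoded text with YARA's `base64` string modifier so all three alignments are covered. `$body` has no `nocase` while `$subject` does; if that is intentional, a comment would help. The file also ends without a trailing newline.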