Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
rules
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
rules
Commits
d21cf41b
Commit
d21cf41b
authored
Sep 07, 2015
by
mmorenog
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create js_obfuscator.yar
parent
82f4a4cc
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
19 additions
and
0 deletions
+19
-0
js_obfuscator.yar
malware/js_obfuscator.yar
+19
-0
No files found.
malware/js_obfuscator.yar
0 → 100644
View file @
d21cf41b
/*
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
rule jjEncode
{
meta:
description = "jjencode detection"
ref = "http://blog.xanda.org/2015/06/10/yara-rule-for-jjencode/"
author = "adnan.shukor@gmail.com"
date = "10-June-2015"
version = "1"
impact = 3
hide = false
strings:
$jjencode = /(\$|[\S]+)=~\[\]\;(\$|[\S]+)\=\{[\_]{3}\:[\+]{2}(\$|[\S]+)\,[\$]{4}\:\(\!\[\]\+["]{2}\)[\S]+/ fullword
condition:
$jjencode
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
