Added folder utils and rule to detect IPs

ef6d971f · Antonio S · 9c0845a0 · ef6d971f
Commit ef6d971f authored Oct 06, 2016 by Antonio S
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

ip.yar utils/ip.yar +13 -0

No files found.
--- a/utils/ip.yar
+++ b/utils/ip.yar
+/*
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as
+    long as you use it under this license.
+*/
+
+rule IP {
+    meta:
+        author = "Antonio S. <asanchez@plutec.net>"
+    strings:
+        $ip = /([0-9]{1,3}\.){3}[0-9]{1,3}/ wide ascii
+    condition:
+        $ip
+}