mirror of
https://github.com/cert-orangecyberdefense/cti
synced 2026-06-08 14:45:26 +00:00
// Matches a file that contains an HTA application tag configured to start
// minimized, with no caption and no taskbar entry, together with script text
// that builds values through String.fromCharCode and calls eval().
// All five strings are plain text matches: case-sensitive and single-byte
// (no `nocase` or `wide` modifier), so a sample that changes the casing,
// the spacing or the attribute order of the HTA tag will not be reported.
// NOTE(review): the rule name suggests the Emmenhtal loader family - confirm
// against the source repository before relying on it for attribution.
rule EmmenHTAl : malware {
    strings:
        // The only specific indicator: the exact HTA tag, including the
        // spaces around each '=' and before the closing '>'.
        $s5 = "<HTA:APPLICATION CAPTION = \"no\" WINDOWSTATE = \"minimize\" SHOWINTASKBAR = \"no\" >"

        // Script-side markers. Each of these is common in ordinary
        // HTML/JavaScript; they only carry weight alongside $s5.
        $s1 = " = String.fromCharCode("
        $s3 = "eval("
        $s2 = ";var "
        $s4 = "</script>"

    condition:
        // Every declared string must be present somewhere in the file;
        // there is no size or offset constraint.
        all of ($s*)
}