Common Information
| Type | Value |
|---|---|
| Value |
rule M_Hunting_BrowserExtension_CRX_1 {
meta:
author = "Mandiant"
description = "Hunting for CRX extension files."
md5 = "b07c560ac6ef98dd1d9fbce144bc62f6"
strings:
$a = "manifest.json"
$crx = { 43 72 32 34 }
$pk = { 50 4B 03 04 }
condition:
($crx at 0) and $a and (#pk > 1) and (for any i in (1 .. #pk) : ( $a at @pk[i] + 30 ))
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |