Common Information
| Type | Value |
|---|---|
| Value |
rule Generic_PDF_Contains_Batch_Script {
strings:
$pdf_anchor = "PDF Comment '%PDF"
$bat_1 = /\\b[a-z0-9]+\\.bat/ nocase
condition:
$pdf_anchor at 0 and any of ($bat_*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |