Common Information
| Type | Value |
|---|---|
| Value |
rule Generic_PDF_Contains_VBScript {
strings:
$pdf_anchor = "PDF Comment '%PDF"
$vb_1 = /\\b[a-z0-9]+\\.vbs/ nocase
condition:
$pdf_anchor at 0 and any of ($vb_*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |