Common Information
| Type | Value |
|---|---|
| Value |
rule Generic_PDF_Contains_PowerShell_Reference {
strings:
$pdf_anchor = "PDF Comment '%PDF"
$ps_1 = "powershell" nocase
condition:
$pdf_anchor at 0 and any of ($ps_*)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |