# Virus/trojan lure announced in the Subject line.
# Sample subject this rule was written for: "Your wife photos attached"
# The match is case-insensitive and unanchored, so the phrase is caught anywhere
# in the Subject (for example behind a "Re:" or "Fwd:" prefix).
header   SOSDG_VIRUS_WIFE1 Subject =~ /your (wife|wifes|wife's) (photo|photos) attached/i
score    SOSDG_VIRUS_WIFE1 3.0
describe SOSDG_VIRUS_WIFE1 Subject is common virus/trojan sign
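# Locky ransomware lure detection.
# Rules whose names start with "__" are sub-rules: they carry no score of their
# own and only feed the meta rule at the end of this group.

# Body phrases used as indicators (case-insensitive, unanchored).
body __LOCKY_TEST1 /I am sending copies of the documents as attachments/i
body __LOCKY_TEST2 /Thank you very much for your reply/i
# The trailing full stop is escaped so it matches a literal "." rather than any character.
body __LOCKY_TEST3 /I have attached the financial report you requested\./i
body __LOCKY_TEST4 /I am sending you the invoice you requested/i
body __LOCKY_TEST5 /Attached please find the documents you requested/i
body __LOCKY_TEST6 /wrong data file you received from me/i
body __LOCKY_TEST7 /attached is concerned with the company database/i

# True when any MIME part declares a Content-Type containing "zip".
# The pattern is a substring match, so types such as gzip are matched as well.
# mimeheader rules require the MIMEHeader plugin to be loaded.
mimeheader __ZIP_ATTACHED Content-Type =~ /zip/i

# Fires when at least two of the eight indicators above are present.
# NOTE(review): the zip indicator is just one term of the sum, so two body
# phrases alone trigger this rule even with no archive attached. Several of
# the phrases are ordinary business wording; check the hit rate against known
# good mail before relying on the 4.0 score, and consider requiring
# __ZIP_ATTACHED explicitly if false positives show up.
meta SOSDG_LOCKY_RANSOMWARE1 (( __LOCKY_TEST1 + __LOCKY_TEST2 + __LOCKY_TEST3 + __LOCKY_TEST4 + __LOCKY_TEST5 + __LOCKY_TEST6 + __LOCKY_TEST7 + __ZIP_ATTACHED ) > 1)
score SOSDG_LOCKY_RANSOMWARE1 4.0
describe SOSDG_LOCKY_RANSOMWARE1 Common patterns for Locky ransomware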