Volatility3 MCP Server

/* This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. */ /* Description: None Priority: 5 Scope: Against Email Tags: None Created in PhishMe's Triage on September 14, 2015 2:33 PM */ rule CryptoWall_Resume_phish : mail { meta: Author = "http://phishme.com/" reference = "https://github.com/phishme/malware_analysis/blob/master/yara_rules/cryptowall.yar" strings: $hello2="my name is " nocase $file1="resume attached" nocase $file2="my resume is pdf file" nocase $file3="attached is my resume" nocase $sal1="I would appreciate your " nocase $sal2="I am looking forward to hearing from you" nocase $sal3="I look forward to your reply" nocase $sal4="Please message me back" nocase $sal5="our early reply will be appreciated" nocase $file4="attach is my resume" nocase $file5="PDF file is my resume" nocase $sal6="Looking forward to see your response" nocase condition: 1 of ($hello*) and 1 of ($file*) and 1 of ($sal*) } /* Description: None Priority: 5 Scope: Against Attachment Tags: None Created in PhishMe's Triage on September 14, 2015 2:35 PM */ rule docx_macro : mail { strings: $header="PK" $vbaStrings="word/vbaProject.bin" nocase condition: $header at 0 and $vbaStrings }