I doubt you'll see many hits on that rule as I'd expect most URIS being
included in the infected attachments.
Imo, the ClamAV sigs make more sense.
On 9/17/19 12:36 PM, hg user wrote:
It is a "dumb" rule but the quicker I could create.
https://pastebin.com/bxRSds7a
On Tue, Sep 17, 2019 at 11:59 AM Blason R <blaso...@gmail.com> wrote:
If possible please share it here?
On Tue, Sep 17, 2019 at 3:20 PM hg user <mercurialu...@gmail.com> wrote:
A new emotet campain is in progress (https://twitter.com/Cryptolaemus1)
and I created a rule... I don't know if is it possible to share (via
pastebin) the rule I created to have feedback from the experts...
