gwillem/magento-malware-scanner

Add Rarog/Flashpoint Rule

Closed this issue · 1 comment

As far as I see, those are not included yet.

See here https://www.flashpoint-intel.com/blog/compromised-magento-sites-delivering-malware/ and https://www.flashpoint-intel.com/wp-content/uploads/2018/04/rarog_yara_rule.txt for details.

I'm not sure about the best way to convert this to regex here, so I didn't create a pull request.

Thanks! Have added a burner domain (with about 1K occurrences). The rest was already covered or not found in the wild (anymore).