About binary code detection
tatsuiman opened this issue · 0 comments
tatsuiman commented
I'm having trouble detecting Japanese phishing sites.
Is there a way to do it in a has_string-like way if I want to detect multibyte strings like:
```
$ = {e6 97 a5 e6 9c ac e8 aa 9e} // 日本語
```

```
import "zip"

rule sample
{
    condition:
        zip.has_string("index.php", {e6 97 a5 e6 9c ac e8 aa 9e}) > 0
}
```
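Added example, not part of the original issue and not the project's `zip` module: a Python sketch of the check asked about above, counting a byte pattern inside a named entry of a zip archive. The sample archive is constructed, the function names are hypothetical, and the Shift_JIS and EUC-JP variants are an assumption that goes beyond the UTF-8 bytes shown in the post.

```python
import io
import zipfile

MAX_ENTRY_BYTES = 5 * 1024 * 1024  # cap per-entry reads as a zip-bomb guard
ENCODINGS = ("utf-8", "shift_jis", "euc_jp")  # assumed encodings for Japanese pages


def parse_hex_pattern(pattern: str) -> bytes:
    """Turn a YARA-style hex string like '{e6 97 a5}' into bytes.

    Wildcards and jumps are not supported; they raise ValueError."""
    return bytes.fromhex(pattern.strip().strip("{}"))


def count_in_entry(zip_bytes: bytes, entry_name: str, needle: bytes) -> int:
    """Count needle in the decompressed data of entries whose basename is entry_name."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.rsplit("/", 1)[-1] != entry_name:
                continue
            with zf.open(info) as fh:
                total += fh.read(MAX_ENTRY_BYTES).count(needle)
    return total


def scan(zip_bytes: bytes, entry_name: str, text: str) -> dict:
    """Search for text under each assumed encoding; returns {encoding: hit count}."""
    return {enc: count_in_entry(zip_bytes, entry_name, text.encode(enc))
            for enc in ENCODINGS}


def build_sample_zip() -> bytes:
    """Constructed sample archive: two index.php files in different encodings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("kit/index.php", "<title>日本語</title>".encode("utf-8"))
        zf.writestr("kit/sjis/index.php", "<title>日本語</title>".encode("shift_jis"))
        zf.writestr("kit/readme.txt", "日本語".encode("utf-8"))  # different name, ignored
    return buf.getvalue()


if __name__ == "__main__":
    needle = parse_hex_pattern("{e6 97 a5 e6 9c ac e8 aa 9e}")  # bytes from the post
    sample = build_sample_zip()
    print(count_in_entry(sample, "index.php", needle))
    print(scan(sample, "index.php", "日本語"))
```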