these rules are from "epoch 2" campain and according to the docs are included in the email... as far as i understand
i don't have clamav active in this moment.... On Tuesday, September 17, 2019, Axb <axb.li...@gmail.com> wrote: > I doubt you'll see many hits on that rule as I'd expect most URIS being > included in the infected attachments. > Imo, the ClamAV sigs make more sense. > > On 9/17/19 12:36 PM, hg user wrote: > >> It is a "dumb" rule but the quicker I could create. >> >> https://pastebin.com/bxRSds7a >> >> On Tue, Sep 17, 2019 at 11:59 AM Blason R <blaso...@gmail.com> wrote: >> >> If possible please share it here? >>> >>> On Tue, Sep 17, 2019 at 3:20 PM hg user <mercurialu...@gmail.com> wrote: >>> >>> A new emotet campain is in progress (https://twitter.com/Cryptolaemus1) >>>> and I created a rule... I don't know if is it possible to share (via >>>> pastebin) the rule I created to have feedback from the experts... >>>> >>>> >>> >> >
