On Thu, 7 May 2020, RW wrote:
On Thu, 7 May 2020 11:39:07 -0700 (PDT)
John Hardin wrote:
100% 4-byte UTF8? That should be trivially easy to detect.
Comments solicited.
body __4BYTE_UTF8_WORD
/(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/ tflags
__4BYTE_UTF8_WORD multiple, maxhits=10
On Thu, 7 May 2020 11:39:07 -0700 (PDT)
John Hardin wrote:
> 100% 4-byte UTF8? That should be trivially easy to detect.
>
> Comments solicited.
>
>body __4BYTE_UTF8_WORD
> /(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/ tflags
> __4BYTE_UTF8_WORD multiple, maxhits=10 meta
> SUSP_UTF8_WO
On Thu, 7 May 2020, Brent Clark wrote:
Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the mean time.
This is new, too:
[π²π°ππ΄ ππ΄π½ππΈππΈπ
π΄ ππππ’ & πππππ ππ, πππ ππππππ * ππππ ππ]
...obfuscating the b
On Thu, 7 May 2020, Brent Clark wrote:
Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the mean time.
100% 4-byte UTF8? That should be trivially easy to detect.
Comments solicited.
body __4B
owing base64 encoded sextorsion.
https://pastebin.com/raw/MWYmfkuh
I tried using rawbody. But it was proving to not work and be the
right solution. Below is it me testing.
i.e.
body BASESEX /8J2XrvCdmIHwnZiB8J2XsvCdl7vwnZiB8J2XtvCdl7zwnZe7/
describe BASESEX Base64 Sextorsion
scoreΒ Β Β BASESE
On 29 Apr 2020, at 07:42, Joseph Brennan wrote:
> FYI part of the sender list below. I don't perceive a pattern to how
> they are generated. (This is from sort -u, not the order of arrival.)
Pattern is to take a name or common word and pad it with garbage characters
before and after.
βHey, if c
Bitcoin spam using UTF-8 mathematical monospace characters-- except
that the html tags have to be in the low ascii character range of
UTF-8.
Does outlook.com make any effort at all to filter outbound mail? In
the past 6 hours we've had 768 of these from 256 different accounts. I
have had full raw
On Wed, Apr 22, 2020 at 04:54:22PM -0700, John Hardin wrote:
> On Wed, 22 Apr 2020, Giovanni Bechis wrote:
>
> >On 4/22/20 5:43 PM, Henrik K wrote:
> >>
> >>I've updated replace_tags with these 4-byte UTF-8 characters, whatever they
> >>are, will look more indepth later..
> >>
> >you have been fas
On Wed, 22 Apr 2020, Giovanni Bechis wrote:
On 4/22/20 5:43 PM, Henrik K wrote:
I've updated replace_tags with these 4-byte UTF-8 characters, whatever they
are, will look more indepth later..
you have been faster, I have the same diff on my tree and I was going to commit
it :-)
The italic
On Wed, 22 Apr 2020 16:11:48 +0200
Brent Clark wrote:
> Good day Guys
>
> I would like to ask it someone could help write a rule for the
> following base64 encoded sextorsion.
The obfuscation is the use of unicode mathmatical sans-serif
characters rather than the encodi
rent Clark wrote:
>>> Sorry in that example I copied body.
>>> I tried rawbody and body.
>>>
>>> Regards
>>> Brent
>>>
>>> On 2020/04/22 16:11, Brent Clark wrote:
>>>> Good day Guys
>>>>
>>>> I would li
; Regards
> Brent
>
> On 2020/04/22 16:14, Brent Clark wrote:
> >Sorry in that example I copied body.
> >I tried rawbody and body.
> >
> >Regards
> >Brent
> >
> >On 2020/04/22 16:11, Brent Clark wrote:
> >>Good day Guys
> >>
>
day Guys
I would like to ask it someone could help write a rule for the
following base64 encoded sextorsion.
https://pastebin.com/raw/MWYmfkuh
I tried using rawbody. But it was proving to not work and be the right
solution. Below is it me testing.
i.e.
body BASESEX
Sorry in that example I copied body.
I tried rawbody and body.
Regards
Brent
On 2020/04/22 16:11, Brent Clark wrote:
Good day Guys
I would like to ask it someone could help write a rule for the following
base64 encoded sextorsion.
https://pastebin.com/raw/MWYmfkuh
I tried using rawbody
Good day Guys
I would like to ask it someone could help write a rule for the following
base64 encoded sextorsion.
https://pastebin.com/raw/MWYmfkuh
I tried using rawbody. But it was proving to not work and be the right
solution. Below is it me testing.
i.e.
body BASESEX
15 matches
Mail list logo