#Yara Rule for #TA505 Latest Campaign

rule ta505_downloader
{
meta:
	author = "Krishnendu Paul"
	description = "TA505 June 2020"
	
    strings:
	$meta_hex	=	"document.getElementById"
	$meta_app	= "template.innerHTML"
	$meta_filetype	= "iframeTemplate"
	$meta_b	=	"element.innerHTML"
	
    condition:
	all of ($meta_*) and filesize < 250000
}