
Writing a YARA rule and stuck at a point where I cannot seem to find the correct regex to use.

The object of the rule is to scan the headers of emails and match any IPv4 address found that begins with 10.13

Relevant documentation: https://yara.readthedocs.io/en/v3.4.0/modules/cuckoo.html https://github.com/VirusTotal/yara

I've done a bit of reading and searched here but wasn't able to find any other instances of someone wanting to do the same thing I am. I was able to throw together this, but it's not working for reasons that are unknown to me.

"\/^10.13.(.*)?$"

I thought it might be something to do with not escaping the periods but when I try to do so I get errors, no actual error information though.

bdaley094

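One way to write the rule described in the question, as an added example that is not part of the original post. It assumes the scanned file is a raw RFC 5322 message, where the headers end at the first blank line; the rule and string names are made up for illustration.

```yara
// Added example, not from the original post. Rule and string names are illustrative.
// Assumes the scanned file is a raw RFC 5322 message (for example a .eml file).
rule Email_Header_IPv4_10_13
{
    meta:
        description = "IPv4 address in 10.13.0.0/16 inside the header block of an email"

    strings:
        // A YARA regex is written between forward slashes; a double-quoted
        // value is a plain text string and is matched literally.
        // Dots are escaped so they match only ".", and the last two octets
        // are limited to 0-255. \b keeps the match from starting or ending
        // inside a longer run of digits (110.13.1.1, 10.13.1.2555).
        // No ^ or $: in YARA they anchor to the start and end of the file,
        // not to individual lines.
        $ip = /\b10\.13\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/

        // First blank line = end of the headers (CRLF or bare LF line endings).
        $hdr_end = /\r?\n\r?\n/

    condition:
        // At least one address must sit before the header/body separator.
        // If no separator exists, the whole file is treated as headers.
        for any i in (1..#ip) : ( not $hdr_end or @ip[i] < @hdr_end[1] )
}
```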