ioc-parser

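Tool to extract indicators of compromise (IOCs) from security reports in PDF format. Extraction is pattern-based, so treat the output as a draft that needs analyst review before it is used for detection: the example below contains duplicate entries, values reported as IPs that are probably software version strings (11.8.800.94 has an octet above 255 and cannot be an IPv4 address), and common names such as cmd.exe and jquery.min.js that would produce false positives if matched on their own.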
https://github.com/armbues/ioc-parser

$ ./ioc-parser.py -i pdf -o yara waterbug-attack-group.pdf
rule waterbug_attack_group
{
strings:
$Filename1 = "NDProxy.sys"
$CVE1 = "CVE-2013-5065"
$CVE2 = "CVE-2013-3346"
$CVE3 = "CVE-2013-5065"
$Filepath1 = "C:\\windows\\temp\\wincpt.bat"
$Filename2 = "wincpt.bat"
$Filename3 = "cmd.exe"
$Filename4 = "wincpt.bat"
$Filename5 = "Down.dll"
$URL1 = "http://image.servepics.com/css"
$URL2 = "http://www.pinlady.net/PluginDetectArchive/0.8.5/download"
$Filename6 = "jquery.min.js"
$Host1 = "image.servepics.com"
$Host2 = "www.pinlady.net"
$MD51 = "764d67a1dcb2449e2aa6dc3e59a5265f"
$MD52 = "bd07a78793641dc85cf75dc60c06051a"
$IP1 = "11.8.800.94"
$IP2 = "11.0.0.0"
$IP3 = "1.7.0.51"
$IP4 = "12.0.0.41"
$IP5 = "1.7.0.51"
$Host3 = "image.servepics.com"
$Host4 = "image.servepics.com"