Sneed-Reactivity/yara-mikesxrs/Cado Security/Lambda_Malware.yar

rule lambda_malware
{
    meta:
        description = "Detects AWS Lambda Malware"
        author = "cdoman@cadosecurity.com"
        reference = "https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/"
        license = "Apache License 2.0"
        date = "2022-04-03"
        hash1 = "739fe13697bc55870ceb35003c4ee01a335f9c1f6549acb6472c5c3078417eed"
        hash2 = "a31ae5b7968056d8d99b1b720a66a9a1aeee3637b97050d95d96ef3a265cbbca"
    strings:
        $a = "github.com/likexian/doh-go/provider/"
        $b = "Mozilla/5.0 (compatible; Ezooms/1.0; help@moz.com)"
        $c = "username:password pair for mining server"
    condition:
        filesize < 30000KB and all of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule lambda_malware`
			`{`
			`meta:`
			`description = "Detects AWS Lambda Malware"`
			`author = "cdoman@cadosecurity.com"`
			`reference = "https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/"`
			`license = "Apache License 2.0"`
			`date = "2022-04-03"`
			`hash1 = "739fe13697bc55870ceb35003c4ee01a335f9c1f6549acb6472c5c3078417eed"`
			`hash2 = "a31ae5b7968056d8d99b1b720a66a9a1aeee3637b97050d95d96ef3a265cbbca"`
			`strings:`
			`$a = "github.com/likexian/doh-go/provider/"`
			`$b = "Mozilla/5.0 (compatible; Ezooms/1.0; help@moz.com)"`
			`$c = "username:password pair for mining server"`
			`condition:`
			`filesize < 30000KB and all of them`
			`}`