/*
 * xtremrat: flags content described by the author as Xtrem RAT v3.5,
 * carrying the tag "rat". The rule fires when at least two of the
 * eight strings below are found.
 *
 * Every string uses the `wide` modifier without `ascii`, so only the
 * two-bytes-per-character form of each string is searched; a plain
 * single-byte copy of the same text will not match.
 */
rule xtremrat : rat
{
	meta:
		author = "Jean-Philippe Teissier / @Jipe_"
		description = "Xtrem RAT v3.5"
		date = "2012-07-12"
		version = "1.0"
		// Informational only: nothing in the condition restricts the rule
		// to memory images, so it evaluates the same way on any input.
		filetype = "memory"

	strings:
		// Short, generic marker. It is also a prefix of $b and $e (see the
		// note on the condition).
		$a = "XTREME" wide
		$b = "XTREMEBINDER" wide
		$c = "STARTSERVERBUFFER" wide
		// "\\" is an escaped backslash, so the text searched for is
		// SOFTWARE\XtremeRAT (presumably a registry key path; confirm).
		$d = "SOFTWARE\\XtremeRAT" wide
		$e = "XTREMEUPDATE" wide
		$f = "XtremeKeylogger" wide
		// Version-specific marker; ties the rule to the 3.5 build named in
		// the description.
		$g = "myversion|3.5" wide
		// The only case-insensitive string in the set.
		$h = "xtreme rat" wide nocase

	condition:
		// NOTE(review): "2 of them" counts distinct string identifiers, not
		// independent pieces of evidence. One occurrence of $b or $e also
		// matches $a, and an upper-case "XTREME RAT" matches both $a and $h,
		// so a single string in the scanned data can satisfy the threshold.
		// Validate against known-clean memory images before alerting on this
		// rule; if two independent indicators are intended, $a should not be
		// counted together with $b, $e or $h.
		2 of them
}