Sneed-Reactivity/yara-mikesxrs/clearskysec/gholee.yar

28 lines
364 B
Text
Raw Permalink Normal View History

rule gholee
{
meta:
author = "www.clearskysec.com"
date = "2014/08"
maltype = "Remote Access Trojan"
filetype = "dll"
reference = "http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/"
strings:
$a = "sandbox_avg10_vc9_SP1_2011"
$b = "gholee"
condition:
all of them
}