17 lines
390 B
Text
17 lines
390 B
Text
|
rule TerminatorRat : rat
|
||
|
{
|
||
|
meta:
|
||
|
description = "Terminator RAT"
|
||
|
author = "Jean-Philippe Teissier / @Jipe_"
|
||
|
date = "2013-10-24"
|
||
|
filetype = "memory"
|
||
|
version = "1.0"
|
||
|
ref1 = "http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html"
|
||
|
|
||
|
strings:
|
||
|
$a = "Accelorator"
|
||
|
$b = "<html><title>12356</title><body>"
|
||
|
|
||
|
condition:
|
||
|
all of them
|
||
|
}
|