/*
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
//41dce59ace9cce668e893c9d2c35d6859dc1c86d631a0567bfde7d34dd5cae0b
//61f7909512c5caf6dd125659428cf764631d5a52c59c6b50112af4a02047774c
//2c89d0d37257c90311436115c1cf06295c39cd0a8c117730e07be029bd8121a0
// Matches scanned data only when all five literal strings declared below are
// present. The rule carries the single tag "banker".
rule moscow_fake : banker
{
	// Metadata is descriptive only; YARA does not evaluate it when matching.
	// NOTE(review): the key "thread_level" is presumably meant as "threat_level";
	// it is left as written because tooling that consumes this rule may read
	// the existing key name. Confirm before renaming.
	meta:
		author = "Fernando Denis"
		reference = "https://koodous.com/ https://twitter.com/fdrg21"
		description = "Moskow Droid Development"
		thread_level = 3
		in_the_wild = true

	// No modifiers are given, so each string is matched as case-sensitive
	// ASCII text; a UTF-16 ("wide") copy of the same text would not match.
	// The first four are %-delimited tokens. They look like template
	// placeholders for device/app attributes; verify against the samples.
	strings:
		$string_a = "%ioperator%"
		$string_b = "%imodel%"
		$string_c = "%ideviceid%"
		$string_d = "%ipackname%"
		// Short literal; its meaning is not evident from this rule alone.
		$string_e = "VILLLLLL"

	// Every string whose identifier starts with "$string_" must occur at least
	// once, anywhere in the scanned data. There is no file-type, size or
	// offset constraint, so specificity rests entirely on these five literals
	// co-occurring.
	// NOTE(review): worth checking against a clean corpus for false positives.
	condition:
		all of ($string_*)
}