Sneed-Reactivity/yara-mikesxrs/pombredanne/Android_Marcher.yar

import "androguard"

rule Android_Marcher
{
	meta:
		author = "Jacob Soo Lead Re"
		date = "04-July-2016"
		description = "Marcher has been active since 2013; like any commercial malware, it is featured in different campaigns, in multiple countries."
		source = "https://exchange.xforce.ibmcloud.com/collection/Marcher-Android-Bot-eeede463ee5c2b57402fc86154411e65"

	condition:
		(androguard.filter(/com.KHLCert.fdservice/i) and
		androguard.filter(/com.KHLCert.gpservice/i))
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`import "androguard"`

			`rule Android_Marcher`
			`{`
			`meta:`
			`author = "Jacob Soo Lead Re"`
			`date = "04-July-2016"`
			`description = "Marcher has been active since 2013; like any commercial malware, it is featured in different campaigns, in multiple countries."`
			`source = "https://exchange.xforce.ibmcloud.com/collection/Marcher-Android-Bot-eeede463ee5c2b57402fc86154411e65"`

			`condition:`
			`(androguard.filter(/com.KHLCert.fdservice/i) and`
			`androguard.filter(/com.KHLCert.gpservice/i))`
			`}`