
// Code-level signature for the Mongal family. Private: it is only consumed by
// the public `Mongal` rule below and does not report matches on its own.
private rule MongalCode : Mongal Family
{
    meta:
        description = "Mongal code features"
        author = "Seth Hardy"
        last_modified = "2014-07-15"
    strings:
        // Byte sequence of a tick-count comparison loop (x86, 32-bit):
        //   8B C8             mov  ecx, eax
        //   B8 D3 4D 62 10    mov  eax, 0x10624DD3   ; 2^38 / 1000 rounded up
        //   F7 E1             mul  ecx
        //   C1 EA 06          shr  edx, 6            ; edx = eax / 1000
        //   2B D6             sub  edx, esi
        //   83 FA 05          cmp  edx, 5
        //   76 EB             jbe  short (back into the loop)
        // The multiply/shift pair is the usual compiler idiom for unsigned
        // division by 1000 (milliseconds -> seconds); the original author tied
        // it to GetTickCount value checking, so it presumably spins until a
        // delta of more than 5 seconds has elapsed — confirm against a sample.
        $tick_delay_loop = { 8B C8 B8 D3 4D 62 10 F7 E1 C1 EA 06 2B D6 83 FA 05 76 EB }
    condition:
        $tick_delay_loop
}
// String-level signature for the Mongal family. Private: it is only consumed
// by the public `Mongal` rule below and does not report matches on its own.
private rule MongalStrings : Mongal Family
{
    meta:
        description = "Mongal Identifying Strings"
        author = "Seth Hardy"
        last_modified = "2014-07-15"
    strings:
        // Plain ASCII, case-sensitive matches (no `wide`/`nocase` modifiers),
        // so UTF-16 or differently-cased occurrences are intentionally not hit.
        $dll_name_1 = "NSCortr.dll"
        $dll_name_2 = "NSCortr1.dll"
        // NOTE(review): a short, generic-looking executable name; worth
        // checking its false-positive rate on a clean corpus before relying
        // on it in isolation.
        $exe_name = "Sina.exe"
    condition:
        any of ($dll_name_*, $exe_name)
}
// Public family rule: reports a Mongal detection when either the private
// code signature or the private string signature matches. Either one alone
// is sufficient, so a sample with stripped strings can still be caught by the
// code pattern, and vice versa.
rule Mongal : Family
{
    meta:
        description = "Mongal"
        author = "Seth Hardy"
        last_modified = "2014-07-15"
    condition:
        MongalStrings or MongalCode
}