Sneed-Reactivity/yara-mikesxrs/Mikesxrs/android_tempting_cedar_spyware.yar

rule android_tempting_cedar_spyware
{
	meta:
    	Author = "@X0RC1SM"
      Date = "2018-03-06"
      Reference = "https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware"
	strings:
		  $PK_HEADER = {50 4B 03 04}
	   	$MANIFEST = "META-INF/MANIFEST.MF"
	  	$DEX_FILE = "classes.dex"
		  $string = "rsdroid.crt"
	
	condition:
    	$PK_HEADER in (0..4) and $MANIFEST and $DEX_FILE and any of ($string*)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule android_tempting_cedar_spyware`
			`{`
			`meta:`
			`Author = "@X0RC1SM"`
			`Date = "2018-03-06"`
			`Reference = "https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware"`
			`strings:`
			`$PK_HEADER = {50 4B 03 04}`
			`$MANIFEST = "META-INF/MANIFEST.MF"`
			`$DEX_FILE = "classes.dex"`
			`$string = "rsdroid.crt"`

			`condition:`
			`$PK_HEADER in (0..4) and $MANIFEST and $DEX_FILE and any of ($string*)`
			`}`