22 lines
676 B
Text
22 lines
676 B
Text
|
rule BabukRansomwareV3 {
|
||
|
meta:
|
||
|
description = "YARA rule for Babuk Ransomware v3"
|
||
|
reference = "http://chuongdong.com/reverse%20engineering/2021/01/16/BabukRansomware-v3/"
|
||
|
author = "@cPeterr"
|
||
|
date = "2021-01-16"
|
||
|
rule_version = "v3"
|
||
|
malware_type = "ransomware"
|
||
|
tlp = "white"
|
||
|
strings:
|
||
|
$lanstr1 = "-lanfirst"
|
||
|
$lanstr2 = "-nolan"
|
||
|
$lanstr3 = "shares"
|
||
|
$str1 = "BABUK LOCKER"
|
||
|
$str2 = "babukq4e2p4wu4iq.onion"
|
||
|
$str3 = "How To Restore Your Files.txt" wide
|
||
|
$str4 = "babuk_v3"
|
||
|
$str5 = ".babyk" wide
|
||
|
condition:
|
||
|
all of ($str*) and all of ($lanstr*)
|
||
|
}
|