
rule ALFA_TEaM_Shell_V1
{
    // Flags files carrying the ALFA TEaM shell: credit/banner lines embedded
    // in its source plus the alfa() function it defines and calls. Five of
    // the eight markers must co-occur, so a lone generic hit such as "=alfa("
    // does not trigger the rule by itself.
    meta:
        Author = "@X0RC1SM"
        Description = "Looking for ALFA TEaM Shell"
        Reference = "https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html"
        Date = "2017-10-28"

    strings:
        // All patterns are plain, case-sensitive ASCII (YARA defaults; no
        // "wide"/"nocase" modifiers are applied).
        // Banner lines shipped in the shell source.
        $STR1 = "#Iranian Hackers"
        $STR2 = "#Persian Gulf For Ever"
        $STR3 = "#Special Thanks To MadLeets"
        // Definition and call sites of the shell's alfa() function.
        $STR4 = "function alfa("
        $STR5 = "=alfa("
        // Author, contact and copyright lines.
        $STR6 = "#Author Sole Sad & Invisible"
        $STR7 = "#solevisible@gmail.com"
        $STR8 = "#CopyRight 2014"

    condition:
        // Equivalent to "5 of them": every string in this rule uses the $STR prefix.
        5 of ($STR*)
}