Sneed-Reactivity/yara-mikesxrs/McAfee/GPGQwerty_ransomware.yar

28 lines
446 B
Text
Raw Normal View History

rule crime_ransomware_windows_GPGQwerty: crime_ransomware_windows_GPGQwerty
{
meta:
author = "McAfee Labs"
description = "Detect GPGQwerty ransomware"
reference = "https://securingtomorrow.mcafee.com/mcafee-labs/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard/"
strings:
$a = "gpg.exe recipient qwerty -o"
$b = "%s%s.%d.qwerty"
$c = "del /Q /F /S %s$recycle.bin"
$d = "cryz1@protonmail.com"
condition:
all of them
}