Sneed-Reactivity/yara-mikesxrs/alienvault/Careto_CnC_domains.yar

rule Careto_CnC_domains {
	meta:
		author = "AlienVault (Alberto Ortega)"
		description = "TheMask / Careto known command and control domains"
		reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
	strings:
		$1 = "linkconf.net" ascii wide nocase
		$2 = "redirserver.net" ascii wide nocase
		$3 = "swupdt.com" ascii wide nocase
	condition:
		any of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule Careto_CnC_domains {`
			`meta:`
			`author = "AlienVault (Alberto Ortega)"`
			`description = "TheMask / Careto known command and control domains"`
			`reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"`
			`strings:`
			`$1 = "linkconf.net" ascii wide nocase`
			`$2 = "redirserver.net" ascii wide nocase`
			`$3 = "swupdt.com" ascii wide nocase`
			`condition:`
			`any of them`
			`}`