Sneed-Reactivity/yara-mikesxrs/pombredanne/SandroRat.yar

import "androguard"

rule SandroRat
{
	meta:
		author = "Jacob Soo Lead Re"
		date = "21-May-2016"
		description = "This rule detects SandroRat"
		source = "https://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing/"

	condition:
		androguard.activity(/net.droidjack.server/i) 
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`import "androguard"`

			`rule SandroRat`
			`{`
			`meta:`
			`author = "Jacob Soo Lead Re"`
			`date = "21-May-2016"`
			`description = "This rule detects SandroRat"`
			`source = "https://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing/"`

			`condition:`
			`androguard.activity(/net.droidjack.server/i)`
			`}`