16 lines
405 B
Text
16 lines
405 B
Text
|
rule BlackShades
|
||
|
{
|
||
|
meta:
|
||
|
author = "Brian Wallace (@botnet_hunter)"
|
||
|
date = "2014/04"
|
||
|
ref = "http://malwareconfig.com/stats/PoisonIvy"
|
||
|
ref = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
|
||
|
family = "blackshades"
|
||
|
|
||
|
strings:
|
||
|
$string1 = "bss_server"
|
||
|
$string2 = "txtChat"
|
||
|
$string3 = "UDPFlood"
|
||
|
condition:
|
||
|
all of them
|
||
|
}
|