19 lines
404 B
Text
19 lines
404 B
Text
|
rule SmallNet
|
||
|
{
|
||
|
meta:
|
||
|
author = " Kevin Breen <kevin@techanarchy.net>"
|
||
|
date = "2014/04"
|
||
|
ref = "http://malwareconfig.com/stats/SmallNet"
|
||
|
maltype = "Remote Access Trojan"
|
||
|
filetype = "exe"
|
||
|
|
||
|
strings:
|
||
|
$split1 = "!!<3SAFIA<3!!"
|
||
|
$split2 = "!!ElMattadorDz!!"
|
||
|
$a1 = "stub_2.Properties"
|
||
|
$a2 = "stub.exe" wide
|
||
|
$a3 = "get_CurrentDomain"
|
||
|
|
||
|
condition:
|
||
|
($split1 or $split2) and (all of ($a*))
|
||
|
}
|