Sneed-Reactivity/yara-mikesxrs/secureworks/Mirage_APT_Backdoor.yar


/*
 * Mirage_APT_Backdoor
 *
 * Matches content that contains the URI pattern $c together with at least one
 * of the literal markers $a1, $a2 or $b. The campaign write-up is linked in
 * meta.reference.
 *
 * NOTE(review): the condition has no file-type or size constraint, and every
 * marker apart from $a1 is short and generic ("Mirage", "Encoding: gzip", a
 * "?hl=en" query string). Expect hits on benign content such as captured web
 * traffic or browser data; treat a match as a lead for triage, not a verdict.
 */
rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat
{
    meta:
        author = "Silas Cutler (SCutler@SecureWorks.com)"
        version = "1.0"
        description = "Malware related to APT campaign"
        type = "APT Trojan / RAT / Backdoor"
        reference = "https://www.secureworks.com/research/the-mirage-campaign"

    strings:
        // Literal text markers. No modifiers are set, so both are matched as
        // case-sensitive ASCII.
        $a1 = "welcome to the desert of the real"
        $a2 = "Mirage"

        // Header fragment; as a substring it also matches inside
        // "Accept-Encoding: gzip" and "Content-Encoding: gzip".
        $b = "Encoding: gzip"

        // A slash, zero or more ASCII letters, then the literal "?hl=en".
        $c = /\/[A-Za-z]*\?hl=en/

    condition:
        // $c is mandatory; any single one of the other three strings completes
        // the match.
        $c and any of ($a*, $b)
}