rule TerminatorRat : rat { meta: description = "Terminator RAT" author = "Jean-Philippe Teissier / @Jipe_" date = "2013-10-24" filetype = "memory" version = "1.0" ref1 = "http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html" strings: $a = "Accelorator" $b = "12356" condition: all of them }