rule Bozok { meta: author = " Kevin Breen " date = "2014/04" ref = "http://malwareconfig.com/stats/Bozok" maltype = "Remote Access Trojan" filetype = "exe" strings: $a = "getVer" nocase $b = "StartVNC" nocase $c = "SendCamList" nocase $d = "untPlugin" nocase $e = "gethostbyname" nocase condition: all of them }