rule BlackNix { meta: author = " Kevin Breen " date = "2014/04" ref = "http://malwareconfig.com/stats/BlackNix" maltype = "Remote Access Trojan" filetype = "exe" strings: $a1 = "SETTINGS" wide $a2 = "Mark Adler" $a3 = "Random-Number-Here" $a4 = "RemoteShell" $a5 = "SystemInfo" condition: all of them }