rule Punisher { meta: author = " Kevin Breen " date = "2014/04" ref = "http://malwareconfig.com/stats/Punisher" maltype = "Remote Access Trojan" filetype = "exe" strings: $a = "abccba" $b = {5C 00 68 00 66 00 68 00 2E 00 76 00 62 00 73} $c = {5C 00 73 00 63 00 2E 00 76 00 62 00 73} $d = "SpyTheSpy" wide ascii $e = "wireshark" wide $f = "apateDNS" wide $g = "abccbaDanabccb" condition: all of them }