// LinuxDDOS_Agent: flags any scanned object that contains at least one of the
// byte patterns below. Every pattern is a hex string that decodes to printable
// ASCII; the decoded text is given next to each one so a match can be triaged
// without a hex editor. Hex strings are matched byte-for-byte (case-sensitive,
// no wide/UTF-16 variant).
//
// NOTE(review): the condition is `any of them`, so one hit is enough, and it
// has no file-type or size constraint. Several patterns are short and generic
// (e.g. $LinDDOS_19 and $LinDDOS_20 are 6 bytes, $LinDDOS_3 is 8), so expect
// matches on unrelated files; the meta fields (type "info", severity 1) label
// this as a low-confidence informational rule. Treat a hit as a triage lead and
// look at which strings matched. Before tightening (e.g. requiring several
// strings or an ELF header check), validate against known samples.
rule LinuxDDOS_Agent {
    meta:
        author = "Damian Baran"
        reference = "https://github.com/nxdamian/YARA-Public"
        type = "info"
        severity = 1
        description = "Search for LinuxDDOS_Agent malware"
    strings:
        // "eth0:" followed by a space-separated run of "%Lu" conversions
        // (a scanf/printf-style format for interface counters, presumably)
        $LinDDOS_1={657468303A254C7520254C7520254C7520254C7520254C7520254C7520254C7520254C7520254C75}
        // "VERSONEX:%s|%d|%d|%s"
        $LinDDOS_2={564552534F4E45583A25737C25647C25647C2573}
        // "Mr.Black"
        $LinDDOS_3={4D722E426C61636B}

        // --- Persistence / process-control artefacts built around the name "pktmake" ---
        // "/etc/init.d/pktmak" (no trailing 'e'; also a substring of _6, _7 and _8)
        $LinDDOS_4={2F6574632F696E69742E642F706B746D616B}
        // "code:102 write autorun script fail!"
        $LinDDOS_5={636F64653A313032207772697465206175746F72756E20736372697074206661696C21}
        // "chmod 777 /etc/init.d/pktmake"
        $LinDDOS_6={63686D6F6420373737202F6574632F696E69742E642F706B746D616B65}
        // "ln  -s  -f  /etc/init.d/pktmake  /etc/rc2.d/S99pktmake" (double spaces are part of the pattern)
        $LinDDOS_7={6C6E20202D7320202D6620202F6574632F696E69742E642F706B746D616B6520202F6574632F7263322E642F533939706B746D616B65}
        // "ln  -s  -f  /etc/init.d/pktmake  /etc/rc.d/rc6.d/S99pktmake"
        $LinDDOS_8={6C6E20202D7320202D6620202F6574632F696E69742E642F706B746D616B6520202F6574632F72632E642F7263362E642F533939706B746D616B65}
        // "killall  pktmake" (two spaces)
        $LinDDOS_9={6B696C6C616C6C2020706B746D616B65}
        // "/bin/pktmak" (also a substring of _11)
        $LinDDOS_10={2F62696E2F706B746D616B}
        // "./bin/pktmake -kill %"
        $LinDDOS_11={2E2F62696E2F706B746D616B65202D6B696C6C2025}

        // --- Symbol-like names and other embedded strings ---
        // "SendSysInfo " (trailing space is part of the pattern)
        $LinDDOS_12={53656E64537973496E666F20}
        // "7IAttack" (looks like a length-prefixed mangled C++ name - unconfirmed)
        $LinDDOS_13={374941747461636B}
        // "dosset.dtdb"
        $LinDDOS_14={646F737365742E64746462}
        // "47.f3322.org" (hostname-shaped string; a hit here is also worth a
        // pivot into DNS/proxy logs)
        $LinDDOS_15={34372E66333332322E6F7267}
        // "g_bAttack" (also a substring of _21)
        $LinDDOS_16={675F6241747461636B}
        // "AttackWorker"
        $LinDDOS_17={41747461636B576F726B6572}
        // "DealwithDDoS" (lower-case 'w'; _22 is the capital-'W' variant)
        $LinDDOS_18={4465616C7769746844446F53}
        // "k00lip"
        $LinDDOS_19={6B30306C6970}
        // "dnsAmp"
        $LinDDOS_20={646E73416D70}
        // "g_bAttack.bcopy"
        $LinDDOS_21={675F6241747461636B2E62636F7079}
        // "DealWithDDoS"
        $LinDDOS_22={4465616C5769746844446F53}
    condition:
        // A single matching string anywhere in the scanned data triggers the rule.
        // Because _4, _10 and _16 are substrings of longer patterns, those longer
        // patterns never change the verdict; they only add detail to the match list.
        any of them
}