Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Fidelis/AlienSpy.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

34 lines
No EOL
757 B
Text
Raw Blame History

rule AlienSpy {
meta:
description = "AlienSpy"
author = "Fidelis Cybersecurity"
reference = "Fidelis Threat Advisory #1015 - Ratting on AlienSpy - Apr 08, 2015"
strings:
$sa_1 = "META-INF/MANIFEST.MF"
$sa_2 = "Main.classPK"
$sa_3 = "plugins/Server.classPK"
$sa_4 = "IDPK"
$sb_1 = "config.iniPK"
$sb_2 = "password.iniPK"
$sb_3 = "plugins/Server.classPK"
$sb_4 = "LoadStub.classPK"
$sb_5 = "LoadStubDecrypted.classPK"
$sb_7 = "LoadPassword.classPK"
$sb_8 = "DecryptStub.classPK"
$sb_9 = "ClassLoaders.classPK"
$sc_1 = "config.xml"
$sc_2 = "options"
$sc_3 = "plugins"
$sc_4 = "util"
$sc_5 = "util/OSHelper"
$sc_6 = "Start.class"
$sc_7 = "AlienSpy"
$sc_8 = "PK"
condition:
(all of ($sa_*)) or (all of ($sb_*)) or (all of ($sc_*))
}
Reference in a new issue View git blame Copy permalink