/*
    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
/*
    The Androguard module used in this rule file is under development by people at https://koodous.com/.

    You can get it, along with installation instructions, at https://github.com/Koodous/androguard-yara
*/
import "androguard"
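/*
    Matches an Android application when its package name matches any of the
    patterns listed in the condition. The package name is the only signal
    used: nothing here inspects code, permissions or certificates.

    NOTE(review): package names are chosen by whoever builds the APK and can
    be reused or changed at will, so a hit is a lead to confirm against other
    indicators rather than proof on its own.
*/
rule sensual_woman: chinese
{
    meta:
        author = "https://twitter.com/plutec_net"
        reference = "https://koodous.com/"

    condition:
        // The dots are escaped so that each one matches the literal '.'
        // package separator. Unescaped, '.' is a regex wildcard and the
        // patterns would also accept unrelated names that merely have some
        // other character in those positions (false positives).
        // The patterns carry no ^ / $ anchors, exactly as before.
        // NOTE(review): anchor them if only the exact package name is meant.
        androguard.package_name(/com\.phone\.gzlok\.live/)
        or androguard.package_name(/com\.yongrun\.app\.sxmn/)
        or androguard.package_name(/com\.wnm\.zycs/)
        // The /i modifier (case-insensitive) is kept where the author used it.
        or androguard.package_name(/com\.charile\.chen/i)
        or androguard.package_name(/com\.sp\.meise/i)
        or androguard.package_name(/com\.legame\.wfxk\.wjyg/)
        or androguard.package_name(/com\.video\.uiA/i)
}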
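/*
    Matches an Android application when its package name matches any of the
    patterns listed in the condition.

    The sms_sender tag is the author's label for these samples. The condition
    itself checks only the package name, not SMS permissions or API use.
*/
rule chinese2 : sms_sender
{
    meta:
        author = "https://twitter.com/plutec_net"
        reference = "https://koodous.com/"

    condition:
        // The dots are escaped so they match the literal '.' separator and
        // not any character, which narrows the patterns to the package
        // names actually listed.
        androguard.package_name(/com\.adr\.yykbplayer/) or
        androguard.package_name(/sdej\.hpcite\.icep/) or
        // NOTE(review): this pattern is short and has no ^ / $ anchors, so
        // it may still be found inside longer, unrelated package names.
        // Anchor it if an exact match is intended.
        androguard.package_name(/p\.da\.wdh/) or
        androguard.package_name(/com\.shenqi\.video\.sjyj\.gstx/) or
        androguard.package_name(/cjbbtwkj\.xyduzi\.fa/) or
        androguard.package_name(/kr\.mlffstrvwb\.mu/)
}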
/*
    Matches an Android application whose package name is one of the two
    string values given in the condition.

    The SMSSend tag is the author's label. The condition checks only the
    package name, so confirm SMS-related behaviour by other means.
*/
rule chinese_porn : SMSSend
{
    meta:
        author = "https://twitter.com/plutec_net"
        reference = "https://koodous.com/"

    condition:
        // The package names are passed as plain strings, not regexes.
        (
            androguard.package_name("com.tzi.shy")
            or androguard.package_name("com.shenqi.video.nfkw.neim")
        )
}
/*
    Matches an Android application that either declares an activity matching
    the regex below or has the listed package name.

    The SMSSend tag is the author's label. The condition does not check SMS
    permissions or API use.
*/
rule chineseporn4 : SMSSend
{
    meta:
        author = "https://twitter.com/plutec_net"
        reference = "https://koodous.com/"

    condition:
        // Activity-name regex: the dots are already escaped, and there are
        // no ^ / $ anchors.
        (
            androguard.activity(/com\.shenqi\.video\.Welcome/)
            // Package name given as a plain string.
            or androguard.package_name("org.mygson.videoa.zw")
        )
}
/*
    Matches an Android application that has one of the listed package names
    or whose certificate issuer matches the regex in the last clause.

    The SMSSend tag is the author's label. The condition does not check SMS
    permissions or API use.

    NOTE(review): some of the listed package names look generic (for example
    "com.video.ui"). Review hits on those clauses for false positives.
*/
rule chineseporn5 : SMSSend
{
    meta:
        author = "https://twitter.com/plutec_net"
        reference = "https://koodous.com/"

    condition:
        (
            // Package names given as plain strings.
            androguard.package_name("com.shenqi.video.ycef.svcr")
            or androguard.package_name("dxas.ixa.xvcekbxy")
            or androguard.package_name("com.video.ui")
            or androguard.package_name("com.qq.navideo")
            or androguard.package_name("com.android.sxye.wwwl")
            // Certificate-issuer regex with no anchors.
            or androguard.certificate.issuer(/llfovtfttfldddcffffhhh/)
        )
}