Sneed-Reactivity/yara-mikesxrs/McAfee/Spygate_2.9_RAT.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

17 lines
429 B
Text

rule SpyGate_v2_9
{
meta:
author = "McAfee"
date = "2014/09"
maltype = "Spygate v2.9 Remote Access Trojan"
filetype = "exe"
reference = "https://blogs.mcafee.com/mcafee-labs/middle-east-developer-spygate-struts-stuff-online"
strings:
$1 = "shutdowncomputer" wide
$2 = "shutdown -r -t 00" wide
$3 = "blockmouseandkeyboard" wide
$4 = "ProcessHacker"
$5 = "FileManagerSplit" wide
condition:
all of them
}