Create Android_Spynet.yar

091382fa · mmorenog · GitHub · 3e691da6 · 091382fa
Commit 091382fa authored Aug 19, 2016 by mmorenog Committed by GitHub Aug 19, 2016
Show whitespace changes
Inline Side-by-side

Showing with 26 additions and 0 deletions

Android_Spynet.yar Mobile_Malware/Android_Spynet.yar +26 -0

No files found.
--- a/Mobile_Malware/Android_Spynet.yar
+++ b/Mobile_Malware/Android_Spynet.yar
+/*
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.
+
+*/
+
+import "file"
+
+rule SpyNet : malware
+{
+	meta:
+		description = "Ruleset to detect SpyNetV2 samples. "
+		sample = "e6ef34577a75fc0dc0a1f473304de1fc3a0d7d330bf58448db5f3108ed92741b"
+
+	strings:
+	$a = "odNotice.txt"
+	$b = "camera This device has camera!"
+	$c = "camera This device has Nooo camera!"
+	$d = "send|1sBdBBbbBBF|K|"
+	$e = "send|372|ScreamSMS|senssd"
+	$f = "send|5ms5gs5annc"
+	$g = "send|45CLCLCa01"
+	$h = "send|999SAnd|TimeStart"
+	$i = "!s!c!r!e!a!m!"
+	condition:
+		4 of them 
+}