This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
import "androguard"
rule sensual_woman: chinese
{
meta:
author = "https://twitter.com/plutec_net"
reference = "https://koodous.com/"
condition:
androguard.package_name(/com.phone.gzlok.live/)
or androguard.package_name(/com.yongrun.app.sxmn/)
or androguard.package_name(/com.wnm.zycs/)
or androguard.package_name(/com.charile.chen/i)
or androguard.package_name(/com.sp.meise/i)
or androguard.package_name(/com.legame.wfxk.wjyg/)
or androguard.package_name(/com.video.uiA/i)
}
import "androguard"
rule chinese2 : sms_sender
{
meta:
author = "https://twitter.com/plutec_net"
reference = "https://koodous.com/"
condition:
androguard.package_name(/com.adr.yykbplayer/) or
androguard.package_name(/sdej.hpcite.icep/) or
androguard.package_name(/p.da.wdh/) or
androguard.package_name(/com.shenqi.video.sjyj.gstx/) or
