Update Android_Malware_Ramsonware.yar

18bcf8ab · mmorenog · 0e055f7b · 18bcf8ab
Commit 18bcf8ab authored Jul 16, 2015 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 0 deletions

Android_Malware_Ramsonware.yar Malware_Mobile/Android_Malware_Ramsonware.yar +22 -0

No files found.
--- a/Malware_Mobile/Android_Malware_Ramsonware.yar
+++ b/Malware_Mobile/Android_Malware_Ramsonware.yar
@@ -17,3 +17,25 @@ rule ransomware : svpeng
 	condition:
 		$a and $b
 }
+
+
+rule Ransomware : banker
+{
+	meta:
+		author = "Fernando Denis"
+		reference = "https://koodous.com/"
+		description = "Ransomware Test 2"
+		thread_level = 3
+		in_the_wild = true
+
+	strings:
+
+		$strings_a = "!2,.B99^GGD&R-"
+		$strings_b = "22922222222222222222Q^SAAWA"
+		$strings_c = "t2222222222229222Q^SAAWA"
+
+	
+
+	condition:
+		any of ($strings_*)
+}