Merge pull request #263 from mikesxrs/patch-7

Create MALW_adwind_RAT.yar

Merge pull request #263 from mikesxrs/patch-7
Create MALW_adwind_RAT.yar
2b474ade · Antonio Sánchez · GitHub · 5190a2ea · 95c41189 · 2b474ade
Commit 2b474ade authored Jul 03, 2017 by Antonio Sánchez Committed by GitHub Jul 03, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

MALW_adwind_RAT.yar malware/MALW_adwind_RAT.yar +14 -0

No files found.
--- a/malware/MALW_adwind_RAT.yar
+++ b/malware/MALW_adwind_RAT.yar
+rule Adwind
+{
+meta:
+        author="Asaf Aprozper, asafa AT minerva-labs.com"
+        description = "Adwind RAT"
+        reference = "https://minerva-labs.com/post/adwind-and-other-evasive-java-rats"
+        last_modified = "2017-06-25"
+strings:
+        $a0 = "META-INF/MANIFEST.MF"
+        $a1 = /Main(\$)Q[0-9][0-9][0-9][0-9]/
+        $PK = "PK"
+condition:
+        $PK at 0 and $a0 and $a1
+}