Update MALW_Mirai_Satori_ELF.yar

2bfa5b61 · jovimon · GitHub · 367950a3 · 2bfa5b61
Unverified Commit 2bfa5b61 authored Jun 02, 2018 by jovimon Committed by GitHub Jun 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 22 deletions

MALW_Mirai_Satori_ELF.yar malware/MALW_Mirai_Satori_ELF.yar +0 -22

No files found.
--- a/malware/MALW_Mirai_Satori_ELF.yar
+++ b/malware/MALW_Mirai_Satori_ELF.yar
@@ -3,28 +3,6 @@
   and  open to any user or organization, as long as you use it under this license.
 */
-private rule is__Mirai_gen7 {
-	meta:
-		description = "Generic detection for MiraiX version 7"
-		reference = "http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html"
-		author = "unixfreaxjp"
-		org = "MalwareMustDie"
-		date = "2018-01-05"
-	strings:
-        	$st01 = "/bin/busybox rm" fullword nocase wide ascii
-        	$st02 = "/bin/busybox echo" fullword nocase wide ascii
-        	$st03 = "/bin/busybox wget" fullword nocase wide ascii
-        	$st04 = "/bin/busybox tftp" fullword nocase wide ascii
-        	$st05 = "/bin/busybox cp" fullword nocase wide ascii
-        	$st06 = "/bin/busybox chmod" fullword nocase wide ascii
-        	$st07 = "/bin/busybox cat" fullword nocase wide ascii
-	condition:
-        	5 of them
-}
 private rule is__Mirai_Satori_gen {
 	meta:
 		description = "Detects Mirai Satori_gen"