Update MALW_Mirai_Okiru_ELF.yar

367950a3 · jovimon · GitHub · 72fa6aee · 367950a3
Unverified Commit 367950a3 authored Jun 02, 2018 by jovimon Committed by GitHub Jun 02, 2018
Show whitespace changes
Inline Side-by-side

Showing with 0 additions and 20 deletions

MALW_Mirai_Okiru_ELF.yar malware/MALW_Mirai_Okiru_ELF.yar +0 -20

No files found.
--- a/malware/MALW_Mirai_Okiru_ELF.yar
+++ b/malware/MALW_Mirai_Okiru_ELF.yar
@@ -3,26 +3,6 @@
   and  open to any user or organization, as long as you use it under this license.
 */

-private rule is__Mirai_gen7 {
-	meta:
-		description = "Generic detection for MiraiX version 7"
-		reference = "http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html"
-		author = "unixfreaxjp"
-		org = "MalwareMustDie"
-		date = "2018-01-05"
-
-	strings:
-        	$st01 = "/bin/busybox rm" fullword nocase wide ascii
-        	$st02 = "/bin/busybox echo" fullword nocase wide ascii
-        	$st03 = "/bin/busybox wget" fullword nocase wide ascii
-        	$st04 = "/bin/busybox tftp" fullword nocase wide ascii
-        	$st05 = "/bin/busybox cp" fullword nocase wide ascii
-        	$st06 = "/bin/busybox chmod" fullword nocase wide ascii
-		$st07 = "/bin/busybox cat" fullword nocase wide ascii
-
-	condition:
-        	5 of them
-}

 rule Mirai_Okiru {
 	meta: