Update DarkComet.yar

malware/DarkComet.yar

@@ -97,3 +97,16 @@ rule DarkComet_Keylogger_File
 	condition:
 		($magic at 0) and #entry > 10 and #timestamp > 10
 }
+rule DarkComet
+{	meta:
+		reference = "https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara"
+	strings:
+	    $a1 = "#BOT#"
+	    $a2 = "WEBCAMSTOP"
+	    $a3 = "UnActiveOnlineKeyStrokes"
+	    $a4 = "#SendTaskMgr"
+	    $a5 = "#RemoteScreenSize"
+	    $a6 = "ping 127.0.0.1 -n 4 > NUL &&"
+	condition:
+		all of them
+}