Update Miscelanea.yar

malware/Miscelanea.yar

@@ -1497,3 +1497,22 @@ rule Punisher
 	condition:
 		all of them
 }
+rule SmallNet
+{
+	meta:
+		author = " Kevin Breen <kevin@techanarchy.net>"
+		date = "2014/04"
+		ref = "http://malwareconfig.com/stats/SmallNet"
+		maltype = "Remote Access Trojan"
+		filetype = "exe"
+		
+	strings:
+		$split1 = "!!<3SAFIA<3!!"
+		$split2 = "!!ElMattadorDz!!"
+		$a1 = "stub_2.Properties"
+		$a2 = "stub.exe" wide
+		$a3 = "get_CurrentDomain"
+
+	condition:
+		($split1 or $split2) and (all of ($a*))
+}