Skip to content

R
rules
Commit 49c93f3a by Marc Rivero López Committed by GitHub
Options

Update MALW_Cythosia.yar

parent 3b8c87b3
Showing with 6 additions and 1 deletions
malware/MALW_Cythosia.yar
...@@ -2,14 +2,19 @@ ...@@ -2,14 +2,19 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as
long as you use it under this license. long as you use it under this license.
*/ */
rule Cythosia{
rule Cythosia
{
meta: meta:
author = "Brian Wallace @botnet_hunter" author = "Brian Wallace @botnet_hunter"
author_email = "bwall@ballastsecurity.net" author_email = "bwall@ballastsecurity.net"
date = "2015-03-21" date = "2015-03-21"
description = "Identify Cythosia" description = "Identify Cythosia"
strings: strings:
$str1 = "HarvesterSocksBot.Properties.Resources" wide $str1 = "HarvesterSocksBot.Properties.Resources" wide
condition: condition:
all of them all of them
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment