Update BlackShades.yar

54987c9a · mmorenog · 23957f3b · 54987c9a
Commit 54987c9a authored May 25, 2015 by mmorenog
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

BlackShades.yar malware/BlackShades.yar +16 -0

No files found.
--- a/malware/BlackShades.yar
+++ b/malware/BlackShades.yar
@@ -116,3 +116,19 @@ rule BlackShades : Trojan
 		$signature1 and $signature2 and $signature3
 }
+rule BlackShades_25052015
+{
+    meta:
+        author = "Brian Wallace (@botnet_hunter)"
+        date = "2014/04"
+        ref = "http://malwareconfig.com/stats/PoisonIvy"
+        ref = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
+        family = "blackshades"
+    strings:
+        $string1 = "bss_server"
+        $string2 = "txtChat"
+        $string3 = "UDPFlood"
+    condition:
+        all of them
+}