Merge pull request #274 from wolfvan/master

New linux malware rules

malware/MALW_IotReaper.yar

+rule IotReaper: MALW
+{
+	meta:
+		description = "Linux.IotReaper"
+		author = "Joan Soriano / @w0lfvan"
+		date = "2017-10-30"
+		version = "1.0"
+		MD5 = "95b448bdf6b6c97a33e1d1dbe41678eb"
+		SHA256 = "b463ca6c3ec7fa19cd318afdd2fa2365fa9e947771c21c4bd6a3bc2120ba7f28"
+	strings:
+		$a = "weruuoqweiur.com"
+		$b = "rm -f /tmp/ftpupload.sh \n"
+		$c = "%02x-%02x-%02x-%02x-%02x-%02x"
+	condition:
+		all of them
+}

malware/MALW_LinuxBew.yar

+rule LinuxBew: MALW
+{
+	meta:
+		description = "Linux.Bew Backdoor"
+		author = "Joan Soriano / @w0lfvan"
+		date = "2017-07-10"
+		version = "1.0"
+		MD5 = "27d857e12b9be5d43f935b8cc86eaabf"
+		SHA256 = "80c4d1a1ef433ac44c4fe72e6ca42395261fbca36eff243b07438263a1b1cf06"
+	strings:
+		$a = "src/secp256k1.c"
+		$b = "hfir.u230.org"
+		$c = "tempfile-x11session"
+	condition:
+		all of them
+}

malware/MALW_LinuxHelios.yar

+rule LinuxHelios: MALW
+{
+	meta:
+		description = "Linux.Helios"
+		author = "Joan Soriano / @w0lfvan"
+		date = "2017-10-19"
+		version = "1.0"
+		MD5 = "1a35193f3761662a9a1bd38b66327f49"
+		SHA256 = "72c2e804f185bef777e854fe86cff3e86f00290f32ae8b3cb56deedf201f1719"
+	strings:
+		$a = "LIKE A GOD!!! IP:%s User:%s Pass:%s"
+		$b = "smack"
+		$c = "PEACE OUT IMMA DUP\n"
+	condition:
+		all of them
+}

malware/MALW_Trumpbot.yar

+rule TrumpBot : MALW
+{
+	meta:
+		description = "TrumpBot"
+		author = "Joan Soriano / @joanbtl"
+		date = "2017-04-16"
+		version = "1.0"
+		MD5 = "77122e0e6fcf18df9572d80c4eedd88d"
+		SHA1 = "108ee460d4c11ea373b7bba92086dd8023c0654f"
+
+	strings:
+		$string = "trumpisdaddy"
+		$ip = "198.50.154.188"
+	condition:
+		 all of them
+}