Update MALW_Andromeda.yar

689853ad · mmorenog · GitHub · cda4448d · 689853ad
Commit 689853ad authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

MALW_Andromeda.yar malware/MALW_Andromeda.yar +10 -0

No files found.
--- a/malware/MALW_Andromeda.yar
+++ b/malware/MALW_Andromeda.yar
@@ -15,3 +15,13 @@ rule andromeda : binary bot
    condition:
        all of them
 }
+rule Worm_Gamarue {
+	meta:
+		author = "Centro Criptológico Nacional (CCN)"
+		ref = "https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html"
+		description = "Gamarue_Andromeda"		
+	strings:
+		$a = { 69 E1 2A B0 2D 80 44 E3 2D 80 44 E3 2D 80 44 E3 EE 8F 1B E3 2A 80 44 E3 EE 8F 19 E3 3A 80 44 E3 2D 80 45 E3 CD 81 44 E3 0A 46 39 E3 34 80 44 E3 0A 46 29 E3 A5 80 44 E3 0A 46 2A E3 5C 80 44 E3 0A 46 36 E3 2C 80 44 E3 0A 46 3C E3 2C 80 44 E3 }
+	condition:
+		$a 
+}