fact-depend / rules
Commit a9829518 authored Apr 06, 2016 by Antonio S
Added rule to detect Tachi for Android
parent 471a011e
Showing 1 changed file with 31 additions and 0 deletions
Mobile_Malware/Android_Tachi.yar
0 → 100644
rule tachi : android
{
meta:
author = "https://twitter.com/plutec_net"
source = "https://analyst.koodous.com/rulesets/1332"
description = "This rule detects tachi apps (not all malware)"
sample = "10acdf7db989c3acf36be814df4a95f00d370fe5b5fda142f9fd94acf46149ec"
strings:
$a = "svcdownload"
$xml_1 = "<config>"
$xml_2 = "<apptitle>"
$xml_3 = "<txinicio>"
$xml_4 = "<txiniciotitulo>"
$xml_5 = "<txnored>"
$xml_6 = "<txnoredtitulo>"
$xml_7 = "<txnoredretry>"
$xml_8 = "<txnoredsalir>"
$xml_9 = "<laurl>"
$xml_10 = "<txquieresalir>"
$xml_11 = "<txquieresalirtitulo>"
$xml_11 = "<txquieresalirsi>"
$xml_12 = "<txquieresalirno>"
$xml_13 = "<txfiltro>"
$xml_14 = "<txfiltrourl>"
$xml_15 = "<posicion>"
condition:
$a and 4 of ($xml_*)
}
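Review bot: the strings section declares `$xml_11` twice (`$xml_11 = "<txquieresalirtitulo>"` followed by `$xml_11 = "<txquieresalirsi>"`), and YARA rejects a duplicated string identifier at compile time, so the rule will not load as committed. Rename the second declaration and renumber the ones after it so the identifiers run from `$xml_11` through `$xml_16`. Separately, in the condition `$a and 4 of ($xml_*)`, generic tags such as `<config>` and `<apptitle>` count toward the threshold exactly like the more distinctive `<tx...>` tags; since the description already says not every match is malware, consider moving the generic tags out of the counted set or raising the threshold so a match stays tied to this config layout.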