Update Miscelanea.yar

Add "EmiratesStatement" rule. Thanks @nyx0

malware/Miscelanea.yar

@@ -659,3 +659,25 @@ rule wce
 	condition:
 		any of them
 }
+
+rule EmiratesStatement 
+{
+	meta:
+		Author 		= "Christiaan Beek"
+		Date 		= "2013-06-30"
+		Description = "Credentials Stealing Attack"
+		Reference 	= "https://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean"
+		
+		hash0 = "0e37b6efe5de1cc9236017e003b1fc37"
+		hash1 = "a28b22acf2358e6aced43a6260af9170"
+		hash2 = "6f506d7adfcc2288631ed2da37b0db04"
+		hash3 = "8aebade47dc1aa9ac4b5625acf5ade8f"
+	
+	strings:
+		$string0 = "msn.klm"
+		$string1 = "wmsn.klm"
+		$string2 = "bms.klm"
+	
+	condition:
+		all of them
+}