Commit d999990a by Marc Rivero López Committed by GitHub

Update MALW_DiamondFox.yar

parent 88b28789
...@@ -2,13 +2,16 @@ ...@@ -2,13 +2,16 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as
long as you use it under this license. long as you use it under this license.
*/ */
rule diamond_fox rule diamond_fox
{ {
meta: meta:
author = "Brian Wallace @botnet_hunter" author = "Brian Wallace @botnet_hunter"
author_email = "bwall@ballastsecurity.net" author_email = "bwall@ballastsecurity.net"
date = "2015-08-22" date = "2015-08-22"
description = "Identify DiamondFox" description = "Identify DiamondFox"
strings: strings:
$s1 = "UPDATE_B" $s1 = "UPDATE_B"
$s2 = "UNISTALL_B" $s2 = "UNISTALL_B"
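Review bot: `$s2 = "UNISTALL_B"` on the last line of this hunk is spelled without the second N. If that mirrors the literal found in the samples, put a short comment beside it saying so, so that a later cleanup does not change it to UNINSTALL_B and stop the rule from matching. Separately, the hunk header grows the range from 13 to 16 lines while the old and new text shown are identical, so the additions appear to be whitespace only. The commit message "Update MALW_DiamondFox.yar" should state what the change is for.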
...@@ -16,6 +19,7 @@ rule diamond_fox ...@@ -16,6 +19,7 @@ rule diamond_fox
$s4 = "P_WALLET" $s4 = "P_WALLET"
$s5 = "GR_COMMAND" $s5 = "GR_COMMAND"
$s6 = "FTPUPLOAD" $s6 = "FTPUPLOAD"
condition: condition:
all of them all of them
} }
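Review bot: the condition `all of them` requires every string to be present, and the strings visible in this hunk (`$s4`, `$s5`, `$s6`) carry no modifiers, so each matches as plain ASCII only. Since this commit touches the block anyway, consider documenting in `description` or a comment that a full match on every string is intended, and add `ascii wide` if the samples can hold these values as UTF-16. Short generic tokens such as "FTPUPLOAD" would also benefit from `fullword` or a file-type check in the condition to keep false positives down when the rule is run over large corpora.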