Skip to content

R
rules
Commit dfa5e898 by mmorenog
Options

Update Android_Drendoid_RAT.yar

parent c633b4af
Showing with 6 additions and 4 deletions
Malware_Mobile/Android_Drendoid_RAT.yar
...@@ -6,8 +6,8 @@ ...@@ -6,8 +6,8 @@
rule Dendroid rule Dendroid
{ {
meta: meta:
author = "https://twitter.com/jsmesa" author = "https://twitter.com/jsmesa"
reference = "https://koodous.com/" reference = "https://koodous.com/"
description = "Dendroid RAT" description = "Dendroid RAT"
strings: strings:
$s1 = "/upload-pictures.php?" $s1 = "/upload-pictures.php?"
...@@ -23,7 +23,8 @@ rule Dendroid ...@@ -23,7 +23,8 @@ rule Dendroid
rule Dendroid_2 rule Dendroid_2
{ {
meta: meta:
author = "https://twitter.com/jsmesa" author = "https://twitter.com/jsmesa"
reference = "https://koodous.com/"
description = "Dendroid evidences via Droidian service" description = "Dendroid evidences via Droidian service"
strings: strings:
$a = "Droidian" $a = "Droidian"
...@@ -36,7 +37,8 @@ rule Dendroid_2 ...@@ -36,7 +37,8 @@ rule Dendroid_2
rule Dendroid_3 rule Dendroid_3
{ {
meta: meta:
author = "https://twitter.com/jsmesa" author = "https://twitter.com/jsmesa"
reference = "https://koodous.com/"
description = "Dendroid evidences via ServiceReceiver" description = "Dendroid evidences via ServiceReceiver"
strings: strings:
$1 = "ServiceReceiver" $1 = "ServiceReceiver"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment