Skip to content

R
rules
Commit e55e40ee by Marc Rivero López Committed by GitHub
Options

Update APT_Mongall.yar

parent 0f236b61
Showing with 11 additions and 6 deletions
malware/APT_Mongall.yar
...@@ -7,23 +7,26 @@ import "pe" ...@@ -7,23 +7,26 @@ import "pe"
rule Backdoor_APT_Mongal rule Backdoor_APT_Mongal
{ {
meta:
meta:
author = "@patrickrolsen" author = "@patrickrolsen"
maltype = "Backdoor.APT.Mongall" maltype = "Backdoor.APT.Mongall"
version = "0.1" version = "0.1"
reference = "fd69a799e21ccb308531ce6056944842" reference = "fd69a799e21ccb308531ce6056944842"
date = "01/04/2014" date = "01/04/2014"
strings:
strings:
$author = "author user" $author = "author user"
$title = "title Vjkygdjdtyuj" nocase $title = "title Vjkygdjdtyuj" nocase
$comp = "company ooo" $comp = "company ooo"
$cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10" $cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10"
$passwd = "password 00000000" $passwd = "password 00000000"
condition:
condition:
all of them all of them
} }
rule MongalCode : Mongal Family rule MongalCode
{ {
meta: meta:
description = "Mongal code features" description = "Mongal code features"
...@@ -38,8 +41,9 @@ rule MongalCode : Mongal Family ...@@ -38,8 +41,9 @@ rule MongalCode : Mongal Family
any of them any of them
} }
rule MongalStrings : Mongal Family rule MongalStrings
{ {
meta: meta:
description = "Mongal Identifying Strings" description = "Mongal Identifying Strings"
author = "Seth Hardy" author = "Seth Hardy"
...@@ -54,8 +58,9 @@ rule MongalStrings : Mongal Family ...@@ -54,8 +58,9 @@ rule MongalStrings : Mongal Family
any of them any of them
} }
rule Mongal : Family rule Mongal
{ {
meta: meta:
description = "Mongal" description = "Mongal"
author = "Seth Hardy" author = "Seth Hardy"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment