Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
rules
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
rules
Commits
fb563ff2
Commit
fb563ff2
authored
Jul 16, 2015
by
mmorenog
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create Android_malware_Fake_MosKow.yar
parent
18bcf8ab
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
23 additions
and
0 deletions
+23
-0
Android_malware_Fake_MosKow.yar
Malware_Mobile/Android_malware_Fake_MosKow.yar
+23
-0
No files found.
Malware_Mobile/Android_malware_Fake_MosKow.yar
0 → 100644
View file @
fb563ff2
//41dce59ace9cce668e893c9d2c35d6859dc1c86d631a0567bfde7d34dd5cae0b
//61f7909512c5caf6dd125659428cf764631d5a52c59c6b50112af4a02047774c
//2c89d0d37257c90311436115c1cf06295c39cd0a8c117730e07be029bd8121a0
rule moscow_fake : banker
{
meta:
author = "Fernando Denis"
reference = "https://koodous.com/"
description = "Moskow Droid Development"
thread_level = 3
in_the_wild = true
strings:
$string_a = "%ioperator%"
$string_b = "%imodel%"
$string_c = "%ideviceid%"
$string_d = "%ipackname%"
$string_e = "VILLLLLL"
condition:
all of ($string_*)
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
