feat: added another malware and update reference
parent
46e7b13d6a
commit
c0d0cfab82
|
@ -4,10 +4,7 @@ info:
|
|||
name: Alina Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2014-08-09"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Alina.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
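Review bot: The new side of this section keeps only `reference:` and drops the whole `metadata:` block, so the template no longer records who wrote the original rule or when, and the same happens in every other section of this commit that removes a `metadata:` block. In the Arkei, Eicar, Gafgyt, Glasses, Notepad, TrumpBot, xHide and the two MacGyver sections the removed block also carried sample hashes, which are the only thing that lets a reviewer validate the detector against a known file. Consider keeping at least the original author and the hashes, e.g. under `metadata:` if the template schema accepts it or otherwise in a `description:` line, rather than relying on the upstream link staying alive.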
@ -4,10 +4,7 @@ info:
|
|||
name: Andromeda Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2014-03-13"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Andromeda.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Arkei Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Fumik0_"
|
||||
date: "2014-07-10"
|
||||
hash: "5632c89fe4c7c2c87b69d787bbf0a5b4cc535f1aa02699792888c60e0ef88fc5"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Arkei.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Backoff Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2014-08-21"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Backoff.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Blackworm Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2015-05-20"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_BlackWorm.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Bublik Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "29/09/2013"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Bublik.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
id: malware_cap_hookexkeylogger
|
||||
|
||||
info:
|
||||
name: CAP HookExKeylogger Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_CAP_HookExKeylogger.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "SetWindowsHookEx"
|
||||
- "WH_KEYBOARD_LL"
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "SetWindowsHookEx"
|
||||
- "WH_KEYBOARD"
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "WH_KEYBOARD"
|
||||
- "WH_KEYBOARD_LL"
|
||||
condition: and
|
||||
case-insensitive: true
|
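Review bot: `WH_KEYBOARD` is a substring of `WH_KEYBOARD_LL`, so the third matcher (`WH_KEYBOARD` and `WH_KEYBOARD_LL`) fires on any file that contains `WH_KEYBOARD_LL` alone, and the second matcher subsumes the first; with `matchers-condition: or` the template effectively matches `WH_KEYBOARD_LL` by itself or `SetWindowsHookEx` next to `WH_KEYBOARD`. If the intent is "any two of three distinct indicators", the third matcher should be dropped or the word lists changed so that the pairs really are distinct. These are plain Win32 API and constant names that appear in many legitimate programs, so a `description:` line noting the expected false-positive rate, and a severity below `critical`, would help whoever triages the hits.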
|
@ -4,6 +4,7 @@ info:
|
|||
name: Cxpid Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cxpid.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Cythosia Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2015-03-21"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cythosia.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,9 @@ info:
|
|||
name: DDoSTf Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "benkow_ - MalwareMustDie"
|
||||
reference: http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html
|
||||
reference:
|
||||
- http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DDoSTf.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Derkziel Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "The Malware Hunter"
|
||||
date: "2015-11"
|
||||
reference: https://bhf.su/threads/137898/
|
||||
reference:
|
||||
- https://bhf.su/threads/137898/
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Derkziel.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Dexter Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Florian Roth"
|
||||
date: "2015/02/10"
|
||||
reference: http://goo.gl/oBvy8b
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Dexter.yar
|
||||
- http://goo.gl/oBvy8b
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: DiamondFox Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2015-08-22"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Eicar Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Marc Rivero | @seifreed"
|
||||
hash: "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Eicar.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Ezcob Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-23"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Ezcob.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: FUDCrypt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/gigajew/FudCrypt/
|
||||
metadata:
|
||||
author_original: "https://github.com/hwvs"
|
||||
date: "2019-11-21"
|
||||
reference:
|
||||
- https://github.com/gigajew/FudCrypt/
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_FUDCrypt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-25"
|
||||
MD5: "c8d58acfe524a09d4df7ffbe4a43c429"
|
||||
SHA1: "b41fefa8470f3b3657594af18d2ea4f6ac4d567f"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-01"
|
||||
MD5: "e3fac853203c3f1692af0101eaad87f1"
|
||||
SHA1: "710781e62d49419a3a73624f4a914b2ad1684c6a"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-01"
|
||||
MD5: "cc99e8dd2067fd5702a4716164865c8a"
|
||||
SHA1: "b9b316c1cc9f7a1bf8c70400861de08d95716e49"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-25"
|
||||
MD5: "369c7c66224b343f624803d595aa1e09"
|
||||
SHA1: "54519d2c124cb536ed0ddad5683440293d90934f"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-25"
|
||||
MD5: "419b8a10a3ac200e7e8a0c141b8abfba"
|
||||
SHA1: "5433a5768c5d22dabc4d133c8a1d192d525939d5"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Gafgyt Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-05-25"
|
||||
MD5: "97f5edac312de349495cb4afd119d2a5"
|
||||
SHA1: "916a51f2139f11e8be6247418dca6c41591f4557"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Genome Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2014-09-07"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Genome.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,9 @@ info:
|
|||
name: Glasses Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2021-11-18"
|
||||
SHA1: "aaf262fde1738dbf0bb50213a9624cd6705ebcaeb06c5fcaf7e9f33695d3fc33"
|
||||
reference:
|
||||
- https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,9 @@ info:
|
|||
name: Gozi Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
|
||||
metadata:
|
||||
author_original: "CCN-CERT"
|
||||
reference:
|
||||
- https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gozi.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Grozlex Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "20/08/2013"
|
||||
reference:
|
||||
- https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Grozlex.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Insta11 Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-23"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Install11.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Intel Virtualization Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-23"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Intel_Virtualization.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: IotReaper Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-23"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_IotReaper.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
id: malware_linux_aesddos
|
||||
|
||||
info:
|
||||
name: Linux AESDDOS Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
|
||||
- http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "3AES"
|
||||
- "Hacker"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "3AES"
|
||||
- "VERSONEX"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "VERSONEX"
|
||||
- "Hacker"
|
||||
condition: and
|
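Review bot: The pairwise `and` matchers under `matchers-condition: or` reproduce a "2 of 3" condition, but one of the three indicators is the bare word `Hacker`, so `3AES` or `VERSONEX` appearing anywhere near the word `Hacker` in a file is enough for a critical hit; a `description:` line stating that this is a loose heuristic would set expectations. Note also that this template spells the marker `VERSONEX` (letter O) while the Linux MrBlack section in this commit spells it `VERS0NEX` (digit zero) in `"VERS0NEX:%s|%d|%d|%s"`; both may be faithful to the upstream rules, which describe different variants, but it is worth confirming against MALW_Miscelanea_Linux.yar that neither is a typo.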
|
@ -0,0 +1,22 @@
|
|||
id: malware_linux_billgates
|
||||
|
||||
info:
|
||||
name: Linux BillGates Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
|
||||
- http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3429
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "12CUpdateGates"
|
||||
- "11CUpdateBill"
|
||||
condition: and
|
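Review bot: `matchers-condition: and` has no effect with a single matcher; the same line appears in the Linux Elknot and Linux MrBlack sections. Either drop it in the three templates or keep it only where a second matcher is planned, so that a reader does not look for a second matcher that is not there. The `condition: and` inside the word matcher is what actually requires both strings.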
|
@ -0,0 +1,22 @@
|
|||
id: malware_linux_elknot
|
||||
|
||||
info:
|
||||
name: Linux Elknot Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
|
||||
- http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ZN8CUtility7DeCryptEPciPKci"
|
||||
- "ZN13CThreadAttack5StartEP11CCmdMessage"
|
||||
condition: and
|
|
@ -0,0 +1,22 @@
|
|||
id: malware_linux_mrblack
|
||||
|
||||
info:
|
||||
name: Linux MrBlack Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
|
||||
- http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Mr.Black"
|
||||
- "VERS0NEX:%s|%d|%d|%s"
|
||||
condition: and
|
|
@ -0,0 +1,21 @@
|
|||
id: malware_linux_tsunami
|
||||
|
||||
info:
|
||||
name: Linux Tsunami Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
|
||||
- http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "PRIVMSG %s :[STD]Hitting %s"
|
||||
- "NOTICE %s :TSUNAMI <target> <secs>"
|
||||
- "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually."
|
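Review bot: The word matcher has no `condition:` line, unlike every other new template in this commit, so nuclei falls back to its default of `or` and a single string such as `PRIVMSG %s :[STD]Hitting %s` flags the file. If the upstream rule requires all three strings this should read `condition: and`; if it really is any-of, writing `condition: or` explicitly keeps the template consistent with its siblings and makes the choice visible to the reviewer.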
|
@ -4,11 +4,9 @@ info:
|
|||
name: MacGyver.cap Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
|
||||
metadata:
|
||||
author_original: "xylitol@temari.fr"
|
||||
date: "2021-05-11"
|
||||
hash1: "9dc70002e82c78ee34c813597925c6cf8aa8d68b7e9ce5bcc70ea9bcab9dbf4a"
|
||||
reference:
|
||||
- https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,20 +4,9 @@ info:
|
|||
name: MacGyver.cap Installer Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
|
||||
metadata:
|
||||
author_original: "xylitol@temari.fr"
|
||||
date: "2021-05-11"
|
||||
hash1: "bb828eb0bbebabbcb51f490f4a0c08dd798b1f350dddddb6c00abcb6f750069f"
|
||||
hash2: "04f0c9904675c7cf80ff1962bec5ef465ccf8c29e668f3158ec262414a6cc6eb"
|
||||
hash3: "7335cd56a9ac08c200cca7e25b939e9c4ffa4d508207e68bee01904bf20a6528"
|
||||
hash4: "af542ccb415647dbd80df902858a3d150a85f37992a35f29999eed76ac01a12b"
|
||||
hash5: "247484124f4879bfacaae73ea32267e2c1e89773986df70a5f3456b1fb944c58"
|
||||
hash6: "1cc8a2f3ce12f4b8356bda8b4aaf61d510d1078112af1c14cf4583090e062fbe"
|
||||
hash7: "c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c"
|
||||
hash8: "c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657"
|
||||
hash9: "1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08"
|
||||
hash10: "87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660"
|
||||
reference:
|
||||
- https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Madness DDOS Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/arbor/yara/blob/master/madness.yara
|
||||
metadata:
|
||||
author_original: "Jason Jones <jasonjones@arbor.net>"
|
||||
date: "2014-01-15"
|
||||
reference:
|
||||
- https://github.com/arbor/yara/blob/master/madness.yara
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Madness.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,8 +4,7 @@ info:
|
|||
name: Miner Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Akamai CSIRT"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XMRIG_Miner.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
id: malware_miniasp3
|
||||
|
||||
info:
|
||||
name: MiniASP3 Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MiniAsp3_mem.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "MiniAsp3\\Release\\MiniAsp.pdb"
|
||||
- "http://%s/about.htm"
|
||||
- "http://%s/result_%s.htm"
|
||||
- "open internet failed…"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "MiniAsp3\\Release\\MiniAsp.pdb"
|
||||
- "http://%s/about.htm"
|
||||
- "http://%s/result_%s.htm"
|
||||
- "run error!"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "MiniAsp3\\Release\\MiniAsp.pdb"
|
||||
- "http://%s/about.htm"
|
||||
- "http://%s/result_%s.htm"
|
||||
- "run ok!"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "MiniAsp3\\Release\\MiniAsp.pdb"
|
||||
- "http://%s/about.htm"
|
||||
- "http://%s/result_%s.htm"
|
||||
- "time out,change to mode 0"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "MiniAsp3\\Release\\MiniAsp.pdb"
|
||||
- "http://%s/about.htm"
|
||||
- "http://%s/result_%s.htm"
|
||||
- "command is null!"
|
||||
condition: and
|
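Review bot: The word `"open internet failed…"` ends in a single Unicode ellipsis character (U+2026) rather than three ASCII periods; if the sample's string is the ASCII form this word can never match, the first matcher becomes dead, and the `or` across matchers silently hides that. Confirm the byte sequence against the upstream rule or a sample and, if it is three periods, change the line to `- "open internet failed..."`. Separately, the three common strings are repeated in all five matchers to emulate "all common strings plus one of five"; a one-line comment above `matchers:` saying so would stop the next maintainer from trying to deduplicate them.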
|
@ -0,0 +1,30 @@
|
|||
id: malware_naikon
|
||||
|
||||
info:
|
||||
name: Naikon Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naikon.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: binary
|
||||
binary:
|
||||
- "0FAFC1C1E01F"
|
||||
- "355A010000"
|
||||
- "81C27F140600"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "NOKIAN95/WEB"
|
||||
- "/tag=info&id=15"
|
||||
- "skg(3)=&3.2d_u1"
|
||||
- "\\Temp\\iExplorer.exe"
|
||||
- "\\Temp\\\"TSG\""
|
||||
condition: or
|
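Review bot: The word matcher uses `condition: or`, so a single generic string such as `\Temp\iExplorer.exe` anywhere in a file produces a critical hit, while the far more specific binary matcher requires all three byte sequences. If the upstream rule combines the strings more tightly, mirror that here; otherwise a `description:` line noting that the word matcher is a loose heuristic would set expectations for triage.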
|
@ -0,0 +1,26 @@
|
|||
id: malware_naspyupdate
|
||||
|
||||
info:
|
||||
name: nAspyUpdate Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naspyupdate.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: binary
|
||||
binary:
|
||||
- "8A5424148A0132C202C28801414E75F4"
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "\\httpclient.txt"
|
||||
- "password <=14"
|
||||
- "/%ldn.txt"
|
||||
- "Kill You\x00"
|
||||
condition: or
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Notepad v1.1 Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "RSA_IR"
|
||||
date: "4Jun13"
|
||||
MD5: "106E63DBDA3A76BEEB53A8BBD8F98927"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Notepad.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Olyx Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-19"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Olyx.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: OSX Leverage Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "earada@alienvault.com"
|
||||
date: "2013/09"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_OSX_Leverage.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,7 @@ info:
|
|||
name: Pony Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Brian Wallace @botnet_hunter"
|
||||
author_original_email: "bwall@ballastsecurity.net"
|
||||
date: "2014-08-16"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Pony.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: PubSab Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-19"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PubSab.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Fake PyPI Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
|
||||
metadata:
|
||||
author_original: "@bartblaze"
|
||||
date: "2017-09"
|
||||
reference:
|
||||
- http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PyPI.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: T5000 Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-06-26"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_T5000.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Tedroo Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "22/11/2015"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Tedroo.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,10 +4,9 @@ info:
|
|||
name: Trickbot Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
reference: http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed
|
||||
metadata:
|
||||
author_original: "Minerva Labs"
|
||||
date: "2016/06"
|
||||
reference:
|
||||
- http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TreasureHunt.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
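Review bot: The newly added reference `MALW_TreasureHunt.yar` and the retained Minerva Labs "Mossad Emblem" link describe the TreasureHunt family, while `name:` still reads `Trickbot Malware Detector`, and the next section in this commit is a second `Trickbot Malware Detector` that references `MALW_TrickBot.yar`. If the matchers below the hunk are TreasureHunt's, the line should become `name: TreasureHunt Malware Detector`; otherwise the added reference is wrong. The rest of the template is outside the hunk.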
|
@ -4,8 +4,7 @@ info:
|
|||
name: Trickbot Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Marc Salinas @Bondey_m"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TrickBot.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: TrumpBot Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @joanbtl"
|
||||
date: "2017-04-16"
|
||||
MD5: "77122e0e6fcf18df9572d80c4eedd88d"
|
||||
SHA1: "108ee460d4c11ea373b7bba92086dd8023c0654f"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Trumpbot.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Universal 1337 Stealer Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "24/02/2013"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Stealer.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,8 +4,7 @@ info:
|
|||
name: Urausy Skype Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "AlienVault Labs"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Urausy.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Warp Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "14/08/2015"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Wabot.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
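Review bot: The reference on the new side points to `MALW_Wabot.yar` while `name:` reads `Warp Malware Detector`, and the following section is a second `Warp Malware Detector` whose reference is `MALW_Warp.yar`. Two templates with the same name are hard to tell apart in output, and the Wabot link suggests this one should read `name: Wabot Malware Detector`; confirm against the matchers, which are outside the hunk. This assumes the reference line is the one this commit adds, as the hunk counts and the sibling sections suggest.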
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Warp Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-07-10"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Warp.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: xHide Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Joan Soriano / @w0lfvan"
|
||||
date: "2017-12-01"
|
||||
MD5: "c644c04bce21dacdeb1e6c14c081e359"
|
||||
SHA256: "59f5b21ef8a570c02453b5edb0e750a42a1382f6"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XHide.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,8 +4,7 @@ info:
|
|||
name: XOR_DDosv1 Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Akamai CSIRT"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XOR_DDos.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
id: malware_yayih
|
||||
|
||||
info:
|
||||
name: Glasses Malware Detector
|
||||
name: Yayih Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Seth Hardy"
|
||||
date: "2014-07-11"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Yayih.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|
|
@ -4,9 +4,7 @@ info:
|
|||
name: Zegost Malware Detector
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
metadata:
|
||||
author_original: "Kevin Falcoz"
|
||||
date: "10/06/2013"
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Zegost.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
|
|