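# Nuclei file-protocol template: flags files that contain a fixed set of
# strings associated with a Gafgyt bot sample (see info.reference).
# The template had been collapsed onto a single line, which is not parseable
# YAML; the structure below restores one key per line with 2-space indent.
id: gafgyt-hihi-malware

info:
  name: Gafgyt Malware - Detect
  author: daffainfo
  # The label is `info`, so severity-filtered runs or alert pipelines may
  # drop a hit; treat a match as a likely malware sample when triaging.
  severity: info
  # Upstream YARA rule. The strings below presumably mirror it; confirm
  # against that rule before changing any of them.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
  tags: malware,file

file:
  # `all` applies the matcher to files regardless of extension.
  # NOTE(review): confirm the scanner's file-size limit and extension
  # deny-list do not skip the binaries you expect to cover.
  - extensions:
      - all

    matchers:
      # Literal, case-sensitive substring match against the raw file content.
      - type: word
        part: raw
        words:
          # Generic on their own; only meaningful combined with the rest.
          - 'PING'
          - 'PONG'
          # Matched literally: `%s` is the embedded format string, not a
          # wildcard.
          - 'TELNET LOGIN CRACKED - %s:%s:%s'
          - 'ADVANCEDBOT'
          # Hard-coded IP indicator taken as-is from the page; it ties the
          # template to one sample family/configuration and may be stale.
          - '46.166.185.92'
          - 'LOLNOGTFO'
        # All six strings must be present. This keeps false positives low,
        # but a variant that changes any one string (e.g. a different
        # address) will not match, so a clean result does not rule out
        # other Gafgyt builds.
        condition: and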