id: diamondfox-malware

info:
  name: DiamondFox Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar
  tags: malware,file

file:
  - extensions:
      - all

    matchers:
      - type: word
        part: raw
        words:
          - 'UPDATE_B'
          - 'UNISTALL_B'
          - 'S_PROTECT'
          - 'P_WALLET'
          - 'GR_COMMAND'
          - 'FTPUPLOAD'
        condition: and
# digest: 490a0046304402207f1d1ad5c528eb43a5ae2b867941575a1a1cd0461e18acc4b4ac3b88aa9da21f0220311924a7023fe7f690e204eeeec7e950603025abe55859c4af9c0281ab0f79a1:922c64590222798bb761d5b6d8e72950