id: diamondfox-malware

info:
  name: DiamondFox Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar
  tags: malware,file

file:
  - extensions:
      - all

    matchers:
      - type: word
        part: raw
        words:
          - 'UPDATE_B'
          - 'UNISTALL_B'
          - 'S_PROTECT'
          - 'P_WALLET'
          - 'GR_COMMAND'
          - 'FTPUPLOAD'
        condition: and