# Nuclei file-protocol template: reports a file only when it contains every
# one of the status strings listed below for the Plasma RAT family.
id: plasma-malware

info:
  name: Plasma Malware - Detect
  author: daffainfo
  # A hit is reported at informational severity; raise it in local triage
  # rules if a match should page someone.
  severity: info
  # Upstream YARA rule these strings were taken from.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # "all" disables extension filtering, so every file handed to the scan is
  # inspected regardless of its name.
  - extensions:
      - all

    matchers:
      - type: word
        part: raw
        # Matching is literal and case-sensitive on the bytes as written here.
        # NOTE(review): if the referenced YARA rule declares any of these
        # strings as `wide` (UTF-16), a sample that stores them that way will
        # not match this matcher - confirm against the reference and add an
        # encoded variant if needed.
        words:
          - 'Miner: Failed to Inject.'
          - 'Started GPU Mining on:'
          - 'BK: Hard Bot Killer Ran Successfully!'
          - 'Uploaded Keylogs Successfully!'
          - 'No Slowloris Attack is Running!'
          - 'An ARME Attack is Already Running on'
          - 'Proactive Bot Killer Enabled!'
          - 'PlasmaRAT'
          - 'AntiEverything'
        # All nine words must be present in the same file. This keeps false
        # positives low, but a variant that drops or rewords a single string
        # goes unreported.
        condition: and

# The digest below is the template signature as published. It was computed
# over the original template text, so it has to be regenerated (re-sign the
# template) after any change to this file, including formatting or comments.
# digest: 4a0a004730450221008eb65f1513c0e2aef9d97696947b1a4ff2b56632eb8996690e2974b945c6683e02201633a82d34627d923130fb638757d0c5c9b78f2228ce4c8ef9d44982f38db553:922c64590222798bb761d5b6d8e72950