id: glass-malware info: name: Glass Malware - Detect author: daffainfo severity: info reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Glass.yar tags: malware,file file: - extensions: - all matchers: - type: word part: raw words: - "PostQuitMessage" - "pwlfnn10,gzg" - "update.dll" - "_winver" condition: and # digest: 4b0a00483046022100fcc6a253c1cdfca1770ded4ccd721e5afc7ed561be162c18d0f614b63ae0efcf022100e1a58b609f151bbaa49837795a9f58a042d7c54b320bd63841a558743c131d6f:922c64590222798bb761d5b6d8e72950