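# File-mode template: reports a file only when it contains every string listed
# under `words`. The strings are attributed by `reference` to the community
# YARA rule file RAT_Ratdecoders.yar.
id: luminositylink-malware

info:
  name: LuminosityLink Malware - Detect
  author: daffainfo
  # A hit means RAT artefacts are present in a scanned file; `info` is only the
  # template's reporting level, so triage matches on their own merits.
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  - extensions:
      # No extension filter: every file handed to the scanner is inspected.
      - all

    matchers:
      - type: word
        part: raw
        # Plain substring matches: case-sensitive unless the matcher opts out,
        # and the `*` characters below are literals, not wildcards.
        # NOTE(review): .NET binaries normally store string literals as
        # UTF-16LE. Confirm whether the referenced YARA rule marks these
        # strings `wide`; if it does, a byte-wise match on the ASCII forms may
        # miss real samples and the encoded forms would need to be added.
        words:
          - "SMARTLOGS"
          - "RUNPE"
          - "b.Resources"
          - "CLIENTINFO*"
          - "Invalid Webcam Driver Download URL, or Failed to Download File!"
          - "Proactive Anti-Malware has been manually activated!"
          - "REMOVEGUARD"
          - "C0n1f8"
          - "Luminosity"
          - "LuminosityCryptoMiner"
          - "MANAGER*CLIENTDETAILS*"
        # All eleven strings are required, which keeps false positives low but
        # means a build that drops or renames any one of them is not reported.
        condition: and
# The digest below is the upstream signature, kept verbatim. It is tied to the
# signed template text, so re-sign the template after any edit.
# digest: 490a004630440220014ac277fc402a628e9185fe0e76a351be65603be58b48a2c02cbdface53903e0220363eca2d5743b2c8e61fbb485e325d04ffe864d9fae151cbb0217c2d7947d111:922c64590222798bb761d5b6d8e72950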