# Nuclei file-protocol template: reports files that contain byte sequences or
# strings listed in the Naikon YARA rule linked under `reference`.
id: naikon-malware

info:
  name: Naikon Malware - Detect
  author: daffainfo
  # Informational severity: treat a hit as a triage lead to be confirmed with
  # further analysis, not as proof of compromise.
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naikon.yar
  tags: malware,file

file:
  # `all` places no restriction on file extension.
  - extensions:
      - all

    # Either matcher group below is sufficient on its own to report a file.
    matchers-condition: or
    matchers:
      # Hex-encoded byte sequences; `and` requires all three to be present in
      # the same file, which offsets how short each individual pattern is.
      - type: binary
        binary:
          - "0FAFC1C1E01F"
          - "355A010000"
          - "81C27F140600"
        condition: and

      # Literal strings searched in the raw file content. The double-quoted
      # escapes decode to \Temp\iExplorer.exe and \Temp\"TSG".
      # NOTE(review): with `or`, a single string hit reports the file, so expect
      # more false positives from this group than from the binary group; check
      # the upstream YARA condition (not visible here) before tightening it.
      - type: word
        part: raw
        words:
          - "NOKIAN95/WEB"
          - "/tag=info&id=15"
          - "skg(3)=&3.2d_u1"
          - "\\Temp\\iExplorer.exe"
          - "\\Temp\\\"TSG\""
        condition: or

# NOTE(review): the digest below is the template signature as published. It
# presumably covers the exact template content, so any edit to this file
# (comments included) invalidates it; re-sign before relying on verification.
# digest: 4a0a0047304502207f942d475af9fbeddcd2f52d61e40cf86505078196c46b7e2764e8261194f31302210092b2c2f39c63e4c41913d29dd5c5f9f9378002c2a629ecabb3193e2c30d6e5f5:922c64590222798bb761d5b6d8e72950