# Nuclei file-protocol template: flags files that carry the packaged class
# and resource names of the Adzok RAT (the .class/.jar names below point at a
# Java archive). Detection logic is ported from the referenced YARA rule's
# "7 of them" condition: eight matchers, each listing seven of the same eight
# strings and omitting a different one, joined with `matchers-condition: or`.
id: adzok-malware

info:
  name: Adzok Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Adzok.yar
  tags: malware,file

file:
  # Scan every file regardless of extension; each word below is a plain
  # substring match against the raw file contents (`part: raw`).
  - extensions:
      - all

    # Any one matcher hitting is enough (or); inside a matcher every listed
    # word must be present (and). Net effect: at least 7 of the 8 strings.
    matchers-condition: or
    matchers:
      # NOTE(review): the trailing "PK" on most strings presumably is the next
      # ZIP/JAR entry signature that follows a file name in the archive
      # directory; the strings are reused verbatim from the YARA rule, so
      # confirm against a sample before changing any of them.

      # omits config.xmlPK
      - type: word
        part: raw
        words:
          - "key.classPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits key.classPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits svd$2.classPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$1.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits svd$1.classPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits Mensaje.classPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits inic$ShutdownHook.class
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "Uninstall.jarPK"
          - "resources/icono.pngPK"
        condition: and

      # omits resources/icono.pngPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "Uninstall.jarPK"
        condition: and

      # omits Uninstall.jarPK
      - type: word
        part: raw
        words:
          - "config.xmlPK"
          - "key.classPK"
          - "svd$1.classPK"
          - "svd$2.classPK"
          - "Mensaje.classPK"
          - "inic$ShutdownHook.class"
          - "resources/icono.pngPK"
        condition: and

# NOTE(review): the digest line below is the template's nuclei signature; any
# edit to the template body (comments included) may invalidate it, so re-sign
# or confirm how the consumer verifies it before committing changes.
# digest: 4a0a00473045022078baa991694a29ddb0910faad83bbe2d56a67739ab974b6a43eab7e494ae29b302210090fb44202dfbca4ef591b7d55b2c10ddcff8a47737a46de9491c838a7263be77:922c64590222798bb761d5b6d8e72950