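id: pony-stealer-malware

# Static string signature for nuclei's file protocol. The `reference` link
# points at the BinaryAlert YARA rule this template corresponds to.
info:
  name: Windows Pony Stealer Malware - Detect
  author: daffainfo
  severity: info
  description: |
    Flags any file that contains all ten indicator strings below: legacy
    Firefox login-store names (signons.*, moz_logins, encryptedPassword),
    the WininetCacheCredentials marker and three FTP client names. A hit
    means the file references that whole set of credential stores; it is a
    triage lead, not proof of infection.
  reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/malware/windows/malware_windows_pony_stealer.yara
  tags: malware,file,pony,stealer

file:
  # `all` puts every file extension in scope. Text files that merely list the
  # indicators (this template, the referenced YARA rule, other signature
  # packs, threat reports) contain all ten strings too and will match, so
  # keep rule directories out of the scan target.
  # NOTE(review): nuclei's file protocol also has `denylist` and `max-size`
  # settings with defaults; confirm the binaries you intend to triage are
  # actually read.
  - extensions:
      - all

    matchers:
      - type: word
        part: raw
        words:
          - "signons.sqlite"
          - "signons.txt"
          - "signons2.txt"
          - "signons3.txt"
          - "WininetCacheCredentials"
          - "moz_logins"
          - "encryptedPassword"
          - "FlashFXP"
          - "BulletProof"
          - "CuteFTP"
        # All ten words must occur in the same file; a partial set never
        # matches. Comparison ignores letter case.
        # NOTE(review): presumably a byte-level substring match, so UTF-16
        # ("wide") copies of these strings would be missed - confirm against
        # the string modifiers used in the upstream YARA rule.
        condition: and
        case-insensitive: true

# The digest below was issued for the upstream template text. Any edit to this
# file, comments included, requires re-signing (`nuclei -sign`) before
# signature verification will pass.
# digest: 4a0a00473045022051137ec4287733be40855295f4df9e5a0c89085ddbc6af52449fd86bb78eeef9022100d0280cb88ff244d8e3753e6f5e9bf2ed1fd723610d42781b02c530800a711e38:922c64590222798bb761d5b6d8e72950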