id: luminositylink-malware

info:
  name: LuminosityLink Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  - extensions:
      - all

    matchers:
      - type: word
        part: raw
        words:
          - "SMARTLOGS"
          - "RUNPE"
          - "b.Resources"
          - "CLIENTINFO*"
          - "Invalid Webcam Driver Download URL, or Failed to Download File!"
          - "Proactive Anti-Malware has been manually activated!"
          - "REMOVEGUARD"
          - "C0n1f8"
          - "Luminosity"
          - "LuminosityCryptoMiner"
          - "MANAGER*CLIENTDETAILS*"
        condition: and