# Nuclei file-protocol template: flags files on disk whose raw content
# contains a fixed set of strings attributed to a Gafgyt sample (the template
# id marks it as the "hihi" variant). It is a static string signature.
id: gafgyt-hihi-malware

info:
  name: Gafgyt Malware - Detect
  author: daffainfo
  # Hits are reported at "info" severity, so a scan that filters by severity
  # must include "info" to surface them.
  severity: info
  # NOTE(review): presumably the YARA rule file these strings were taken
  # from; verify against it before editing the word list.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
  tags: malware,file

file:
  # "all" applies the matcher to every file regardless of extension.
  - extensions:
      - all

    matchers:
      # Literal substring match against the file's raw content.
      - type: word
        part: raw
        words:
          - 'PING'
          - 'PONG'
          # Matched verbatim, format specifiers included: this looks for the
          # unformatted string constant, not for formatted output.
          - 'TELNET LOGIN CRACKED - %s:%s:%s'
          - 'ADVANCEDBOT'
          # Hard-coded IP address indicator. Because the condition below is
          # "and", a sample carrying a different address will not match.
          - '46.166.185.92'
          - 'LOLNOGTFO'
        # All six words must be present in the same file. This keeps the
        # generic 'PING'/'PONG' entries from matching on their own, at the
        # cost of coverage: the signature is specific to this one sample
        # family and configuration.
        condition: and
# NOTE(review): the digest below is the template's signature line. It was
# presumably computed over the template as originally published, so any edit
# to this file (comments included) would need re-signing - confirm before
# relying on signature verification.
# digest: 4a0a0047304502202b4ae96e807e07b5a92453399994ce2d360a5262c5f42de79da60ca5e61ffdf9022100e101b40699838926c53e2672358afec4eb70034f8057f3139d9471d06218d0ec:922c64590222798bb761d5b6d8e72950