# Nuclei file-protocol template: static string/byte signature for LostDoor
# RAT artefacts. The signature source is the YARA rule file linked under
# `reference`.
id: lostdoor-malware

info:
  name: LostDoor Malware - Detect
  author: daffainfo
  # `info` is only the reporting level of the finding. A hit means the file
  # contains the LostDoor marker strings below and should be triaged.
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # Consider files of any extension.
  # NOTE(review): nuclei's file protocol also applies its own default
  # extension denylist; confirm it does not skip the binary types this
  # signature is meant to inspect.
  - extensions:
      - all

    # Both matchers below (word AND binary) must match the same file.
    matchers-condition: and
    matchers:
      # Marker strings taken from the referenced rule, matched against the
      # raw file content.
      # NOTE(review): matched as the literal bytes written here; a UTF-16
      # encoded copy of a string would presumably not match - check the
      # string modifiers used upstream.
      - type: word
        part: raw
        words:
          - "*mlt* = %"
          - "*ip* = %"
          - "*victimo* = %"
          - "*name* = %"
          - "[START]"
          - "[DATA]"
          - "We Control Your Digital World"
          - "RC4Initialize"
          - "RC4Decrypt"
        # Every word above must be present. Together with
        # `matchers-condition: and`, one missing string means no finding.
        # NOTE(review): confirm this all-of-everything logic mirrors the
        # condition of the referenced YARA rule; if upstream accepts one
        # string group on its own, this template under-detects.
        condition: and

      - type: binary
        binary:
          # Hex for the ASCII bytes "\r\n*EDIT_SERVER*\r\n".
          - "0D0A2A454449545F5345525645522A0D0A"