id: adzok-malware

info:
  name: Adzok Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Adzok.yar
  tags: malware,file

# Detection is based on the referenced YARA rule for the Adzok RAT. The
# strings below look like entry names of a JAR/ZIP archive; the trailing "PK"
# on most of them presumably comes from the ZIP header signature that follows
# each name in the raw bytes (not verified here, taken as-is from the rule).
#
# The YARA rule requires 7 of these 8 strings to be present. Matcher
# conditions only offer `and`/`or`, so "7 of 8" is spelled out as an OR over
# the eight possible AND-groups, each group leaving out exactly one string.
file:
  - extensions:
      - all

    matchers-condition: or
    matchers:
      # all but config.xmlPK
      - type: word
        part: raw
        condition: and
        words:
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but key.classPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but svd$1.classPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but svd$2.classPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but Mensaje.classPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but inic$ShutdownHook.class
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'Uninstall.jarPK'
          - 'resources/icono.pngPK'

      # all but Uninstall.jarPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'resources/icono.pngPK'

      # all but resources/icono.pngPK
      - type: word
        part: raw
        condition: and
        words:
          - 'config.xmlPK'
          - 'key.classPK'
          - 'svd$1.classPK'
          - 'svd$2.classPK'
          - 'Mensaje.classPK'
          - 'inic$ShutdownHook.class'
          - 'Uninstall.jarPK'