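# File-based template that flags files containing the string set associated
# with the VirusRat remote-access trojan. The word list is taken from the
# YARA rule linked under `reference`.
id: virusrat-malware

info:
  name: VirusRat Malware - Detect
  author: daffainfo
  # A hit identifies a suspicious file for triage; it is reported as
  # informational rather than as a vulnerability.
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # Scan every file regardless of extension; malware samples are often
  # renamed, so filtering on extension would miss them.
  - extensions:
      - all

    matchers:
      - type: word
        # Match against the raw file content.
        part: raw
        # NOTE(review): several of these are plausibly stored as UTF-16LE in
        # a .NET binary. If the referenced YARA rule marks any string `wide`,
        # a byte-wise ASCII match will not find it and, because of the `and`
        # condition below, the whole template will not fire. Confirm against
        # the reference and against a known sample.
        words:
          - "virustotal"
          - "virusscan"
          - "abccba"
          - "pronoip"
          - "streamWebcam"
          - "DOMAIN_PASSWORD"
          - "Stub.Form1.resources"
          - "ftp://{0}@{1}"
          - "SELECT * FROM moz_logins"
          - "SELECT * FROM moz_disabledHosts"
          # Double-quoted scalar: each `\\` is one literal backslash.
          - "DynDNS\\Updater\\config.dyndns"
          - "|BawaneH|"
        # All words must be present in the same file. Individually, strings
        # such as "virustotal" are common in benign files; requiring the full
        # set keeps false positives low at the cost of missing variants that
        # drop or change any single string.
        condition: and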