# File-protocol template: reports a file only when every LostDoor string in the
# word matcher AND the byte marker in the binary matcher occur in that file.
id: lostdoor-malware

info:
  name: LostDoor Malware - Detect
  author: daffainfo
  # NOTE(review): hits are reported at "info" level; confirm that severity
  # filters in the scanning pipeline do not drop results from this template.
  severity: info
  # Points at the YARA rule file this detection refers to.
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
  tags: malware,file

file:
  # "all" applies no extension filter, so matching does not depend on how the
  # file is named.
  - extensions:
      - all

    # Both matchers below must succeed for a result.
    matchers-condition: and
    matchers:
      # Plain-text markers; "condition: and" requires all nine in one file.
      # NOTE(review): these are literal strings, so a packed or otherwise
      # encoded sample would presumably not match - treat "no hit" as
      # inconclusive rather than clean.
      - type: word
        part: raw
        words:
          - "*mlt* = %"
          - "*ip* = %"
          - "*victimo* = %"
          - "*name* = %"
          - "[START]"
          - "[DATA]"
          - "We Control Your Digital World"
          - "RC4Initialize"
          - "RC4Decrypt"
        condition: and

      # Hex encoding of CRLF + "*EDIT_SERVER*" + CRLF.
      - type: binary
        binary:
          - "0D0A2A454449545F5345525645522A0D0A"
# NOTE(review): the digest line signs the template text as published; any edit
# (added comments included) presumably requires re-signing - confirm with the
# signing tool before relying on signature verification.
# digest: 4a0a00473045022100f09b93e1cf30aeda8bdc4f1fe11328677f25778c788801f45f4a4a84546777bc02202dd9af3a65aa9435d840b2c25b19d4e32d7455f1549bff53adf7538a5532fed2:922c64590222798bb761d5b6d8e72950