26 lines
750 B
YAML
26 lines
750 B
YAML
id: darkrat-malware
|
|
|
|
info:
|
|
name: DarkRAT Malware - Detect
|
|
author: daffainfo
|
|
severity: info
|
|
reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
|
|
tags: malware,file
|
|
file:
|
|
- extensions:
|
|
- all
|
|
matchers:
|
|
- type: word
|
|
part: raw
|
|
words:
|
|
- "@1906dark1996coder@"
|
|
- "SHEmptyRecycleBinA"
|
|
- "mciSendStringA"
|
|
- "add_Shutdown"
|
|
- "get_SaveMySettingsOnExit"
|
|
- "get_SpecialDirectories"
|
|
- "Client.My"
|
|
condition: and
|
|
|
|
# digest: 4b0a00483046022100b1285934cddc122f08b2b6076c401a94b5fada0579234b74bc87843121e15968022100b9ac1f7a35c4b00c9cdf22c8eb46cc6b2612b90f2cf9ff89e93589db08e7139c:922c64590222798bb761d5b6d8e72950
|