
Add apt9002 from FireEye Labs

nyx0 committed Apr 26, 2015
1 parent 4c27043 commit df966a88c82d00d3eae4c6ad5c7ce2c579a113e0
Showing with 16 additions and 0 deletions.
  1. +16 −0 malware.yar
@@ -19859,3 +19859,19 @@ rule apt_c16_win_memory_pcclient
condition:
all of them
}
+
+rule FE_APT_9002 : RAT
+{
+ meta:
+ Author = "FireEye Labs"
+ Date = "2013/11/10"
+ Description = "Strings inside"
+ Reference = "Useful link"
+
+ strings:
+ $mz = { 4d 5a }
+ $a = "rat_UnInstall" wide ascii
+
+ condition:
+ ($mz at 0) and $a
+}
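Review bot: The meta block of FE_APT_9002 ships placeholder values: Reference = "Useful link" carries no URL and Description = "Strings inside" does not say what the rule detects. Replace Reference with the link to the FireEye Labs write-up this rule was taken from and make Description name the family and the indicator, so an analyst triaging a hit can trace it back to a source. In the condition, the match depends on the single string $a ("rat_UnInstall") together with $mz at 0, so the rule only applies to files that begin with an MZ header and has no second indicator to back up the one string; it is worth stating that on-disk scope in Description. The header test can also be written as uint16(0) == 0x5A4D, which drops the two-byte $mz pattern from the string set.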
