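/*
    index_w_mobile.yar
    Generated by Yara-Rules
    On 28-11-2016 (DD-MM-YYYY)

    Aggregate index: compiling this file pulls in every rule file listed
    below, including the Mobile_Malware set. YARA resolves each include path
    relative to the directory that holds this file, so the index must sit
    next to the directories it names. A compile error in any one included
    file aborts compilation of the whole set. The file is generated, so it
    reflects the rule tree as of the date above.
    NOTE(review): some included rule files may import YARA modules that are
    not in every build; check their import lines before deploying this index.
*/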
include "./Malicious_Documents/Maldoc_UserForm.yar"
include "./Malicious_Documents/Maldoc_Dridex.yar"
include "./Malicious_Documents/maldoc_somerules.yar"
include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
include "./Malicious_Documents/Maldoc_PDF.yar"
include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
include "./CVE_Rules/CVE-2013-0074.yar"
include "./CVE_Rules/CVE-2015-5119.yar"
include "./CVE_Rules/CVE-2010-0805.yar"
include "./CVE_Rules/CVE-2010-0887.yar"
include "./CVE_Rules/CVE-2015-1701.yar"
include "./CVE_Rules/CVE-2010-1297.yar"
include "./CVE_Rules/CVE-2015-2545.yar"
include "./CVE_Rules/CVE-2016-5195.yar"
include "./CVE_Rules/CVE-2015-2426.yar"
include "./CVE_Rules/CVE-2013-0422.yar"
include "./Packers/Javascript_exploit_and_obfuscation.yar"
include "./Packers/peid.yar"
include "./Packers/packer.yar"
include "./Packers/packer_compiler_signatures.yar"
include "./Packers/JJencode.yar"
include "./Crypto/crypto_signatures.yar"
include "./Crypto/base64.yar"
include "./Exploit-Kits/EK_Crimepack.yar"
include "./Exploit-Kits/EK_Fragus.yar"
include "./Exploit-Kits/EK_ZeroAcces.yar"
include "./Exploit-Kits/EK_Eleonore.yar"
include "./Exploit-Kits/EK_BleedingLife.yar"
include "./Exploit-Kits/EK_Zerox88.yar"
include "./Exploit-Kits/EK_Angler.yar"
include "./Exploit-Kits/EK_Phoenix.yar"
include "./Exploit-Kits/EK_Zeus.yar"
include "./Exploit-Kits/EK_Sakura.yar"
include "./Exploit-Kits/EK_Blackhole.yar"
include "./Antidebug_AntiVM/antidebug_antivm.yar"
include "./Webshells/Wshell_ChineseSpam.yar"
include "./Webshells/WShell_PHP_in_images.yar"
include "./Webshells/Wshell_fire2013.yar"
include "./Webshells/WShell_THOR_Webshells.yar"
include "./Webshells/WShell_PHP_Anuna.yar"
include "./Webshells/WShell_APT_Laudanum.yar"
include "./malware/RANSOM_TeslaCrypt.yar"
include "./malware/MALW_IMuler.yar"
include "./malware/MALW_Grozlex.yar"
include "./malware/MALW_Backoff.yar"
include "./malware/MALW_MiniAsp3_mem.yar"
include "./malware/RAT_DarkComet.yar"
include "./malware/APT_Codoso.yar"
include "./malware/MALW_DirtJumper.yar"
include "./malware/RAT_jRAT.yar"
include "./malware/RAT_Cerberus.yar"
include "./malware/APT_Sphinx_Moth.yar"
include "./malware/MALW_Regsubdat.yar"
include "./malware/MALW_KINS.yar"
include "./malware/APT_Equation.yar"
include "./malware/APT_Snowglobe_Babar.yar"
include "./malware/APT_Turla_RUAG.yar"
include "./malware/MALW_Install11.yar"
include "./malware/MALW_CAP_Win32Inet.yara"
include "./malware/APT_Regin.yar"
include "./malware/Operation_Blockbuster/IndiaDelta.yara"
include "./malware/Operation_Blockbuster/SierraJuliettMikeOne.yara"
include "./malware/Operation_Blockbuster/RomeoDelta.yara"
include "./malware/Operation_Blockbuster/IndiaGolf.yara"
include "./malware/Operation_Blockbuster/IndiaWhiskey.yara"
include "./malware/Operation_Blockbuster/LimaBravo.yara"
include "./malware/Operation_Blockbuster/general.yara"
include "./malware/Operation_Blockbuster/RomeoAlfa.yara"
include "./malware/Operation_Blockbuster/UniformAlfa.yara"
include "./malware/Operation_Blockbuster/cert_wiper.yara"
include "./malware/Operation_Blockbuster/LimaDelta.yara"
include "./malware/Operation_Blockbuster/IndiaHotel.yara"
include "./malware/Operation_Blockbuster/IndiaAlfa.yara"
include "./malware/Operation_Blockbuster/WhiskeyCharlie.yara"
include "./malware/Operation_Blockbuster/IndiaEcho.yara"
include "./malware/Operation_Blockbuster/RomeoBravo.yara"
include "./malware/Operation_Blockbuster/LimaCharlie.yara"
include "./malware/Operation_Blockbuster/RomeoHotel.yara"
include "./malware/Operation_Blockbuster/IndiaJuliett.yara"
include "./malware/Operation_Blockbuster/HotelAlfa.yara"
include "./malware/Operation_Blockbuster/UniformJuliett.yara"
include "./malware/Operation_Blockbuster/RomeoWhiskey.yara"
include "./malware/Operation_Blockbuster/IndiaBravo.yara"
include "./malware/Operation_Blockbuster/RomeoEcho.yara"
include "./malware/Operation_Blockbuster/LimaAlfa.yara"
include "./malware/Operation_Blockbuster/DeltaCharlie.yara"
include "./malware/Operation_Blockbuster/WhiskeyBravo_mod.yara"
include "./malware/Operation_Blockbuster/RomeoGolf_mod.yara"
include "./malware/Operation_Blockbuster/SierraBravo.yara"
include "./malware/Operation_Blockbuster/SierraJuliettMikeTwo.yara"
include "./malware/Operation_Blockbuster/KiloAlfa.yara"
include "./malware/Operation_Blockbuster/suicidescripts.yara"
include "./malware/Operation_Blockbuster/IndiaCharlie.yara"
include "./malware/Operation_Blockbuster/WhiskeyAlfa.yara"
include "./malware/Operation_Blockbuster/SierraAlfa.yara"
include "./malware/Operation_Blockbuster/PapaAlfa.yara"
include "./malware/Operation_Blockbuster/TangoAlfa.yara"
include "./malware/Operation_Blockbuster/WhiskeyDelta.yara"
include "./malware/Operation_Blockbuster/SierraCharlie.yara"
include "./malware/Operation_Blockbuster/sharedcode.yara"
include "./malware/Operation_Blockbuster/TangoBravo.yara"
include "./malware/Operation_Blockbuster/RomeoCharlie.yara"
include "./malware/MALW_PubSab.yar"
include "./malware/MALW_Exploit_UAC_Elevators.yar"
include "./malware/POS_Bernhard.yar"
include "./malware/MALW_Lenovo_Superfish.yar"
include "./malware/RANSOM_Satana.yar"
include "./malware/RAT_Bozok.yar"
include "./malware/TOOLKIT_Wineggdrop.yar"
include "./malware/RAT_Terminator.yar"
include "./malware/RANSOM_Locky.yar"
include "./malware/APT_APT1.yar"
include "./malware/MALW_Sayad.yar"
include "./malware/TOOLKIT_exe2hex_payload.yar"
include "./malware/MALW_Boouset.yar"
include "./malware/MALW_NionSpy.yar"
include "./malware/APT_Unit78020.yar"
include "./malware/MALW_LinuxMoose.yar"
include "./malware/RAT_Hizor.yar"
include "./malware/MALW_Cloaking.yar"
include "./malware/RAT_Bolonyokte.yar"
include "./malware/MALW_Genome.yar"
include "./malware/TOOLKIT_Pwdump.yar"
include "./malware/APT_WildNeutron.yar"
include "./malware/APT_Waterbug.yar"
include "./malware/RAT_xRAT20.yar"
include "./malware/MALW_Miscelanea_Linux.yar"
include "./malware/MALW_Korlia.yar"
include "./malware/MALW_Bublik.yar"
include "./malware/APT_FiveEyes.yar"
include "./malware/MALW_Athena.yar"
include "./malware/APT_KeyBoy.yar"
include "./malware/RAT_Ratdecoders.yar"
include "./malware/APT_fancybear_dnc.yar"
include "./malware/MALW_Naikon.yar"
include "./malware/APT_Casper.yar"
include "./malware/MALW_viotto_keylogger.yar"
include "./malware/MALW_Korplug.yar"
include "./malware/APT_Kaba.yar"
include "./malware/MALW_Shifu.yar"
include "./malware/RAT_Njrat.yar"
include "./malware/APT_Mongall.yar"
include "./malware/RANSOM_Stampado.yar"
include "./malware/MALW_Retefe.yar"
include "./malware/RAT_Indetectables.yar"
include "./malware/APT_Dubnium.yar"
include "./malware/MALW_xDedic_marketplace.yar"
include "./malware/MALW_Iexpl0ree.yar"
include "./malware/APT_Blackenergy.yar"
include "./malware/APT_Terracota.yar"
include "./malware/MALW_Jolob_Backdoor.yar"
include "./malware/MALW_Hsdfihdf_banking.yar"
include "./malware/POS_LogPOS.yar"
include "./malware/MALW_Warp.yar"
include "./malware/MALW_MacControl.yar"
include "./malware/RAT_BlackShades.yar"
include "./malware/MALW_Pyinstaller.yar"
include "./malware/MALW_Lateral_Movement.yar"
include "./malware/APT_Poseidon_Group.yar"
include "./malware/RAT_Gh0st.yar"
include "./malware/MALW_Naspyupdate.yar"
include "./malware/APT_Seaduke.yar"
include "./malware/MALW_Urausy.yar"
include "./malware/MALW_Wimmie.yar"
include "./malware/TOOLKIT_PassTheHash.yar"
include "./malware/POS_Easterjack.yar"
include "./malware/RAT_Xtreme.yar"
include "./malware/MALW_Quarian.yar"
include "./malware/MALW_Zegost.yar"
include "./malware/APT_DeputyDog.yar"
include "./malware/RAT_Glass.yar"
include "./malware/MALW_Cxpid.yar"
include "./malware/MALW_Bangat.yar"
include "./malware/RANSOM_777.yar"
include "./malware/APT_WoolenGoldfish.yar"
include "./malware/MALW_LURK0.yar"
include "./malware/APT_LotusBlossom.yar"
include "./malware/MALW_Sakurel.yar"
include "./malware/APT_Ke3Chang_TidePool.yar"
include "./malware/MALW_LuckyCat.yar"
include "./malware/MALW_Alina.yar"
include "./malware/MALW_BlackWorm.yar"
include "./malware/MALW_Corkow.yar"
include "./malware/MALW_Kovter.yar"
include "./malware/APT_Backspace.yar"
include "./malware/MALW_Wabot.yar"
include "./malware/APT_DeepPanda_Anthem.yar"
include "./malware/APT_Carbanak.yar"
include "./malware/MALW_T5000.yar"
include "./malware/APT_APT3102.yar"
include "./malware/APT_Hikit.yar"
include "./malware/TOOLKIT_Dubrute.yar"
include "./malware/MALW_Rovnix.yar"
include "./malware/TOOLKIT_FinFisher_.yar"
include "./malware/APT_Sofacy_Fysbis.yar"
include "./malware/APT_APT17.yar"
include "./malware/RANSOM_Petya.yar"
include "./malware/RAT_ZoxPNG.yar"
include "./malware/APT_Irontiger.yar"
include "./malware/MALW_Atmos.yar"
include "./malware/MALW_Elknot.yar"
include "./malware/MALW_NetTraveler.yar"
include "./malware/RAT_Havex.yar"
include "./malware/MALW_Cythosia.yar"
include "./malware/RAT_NetwiredRC.yar"
include "./malware/EXPERIMENTAL_Beef.yar"
include "./malware/RAT_Gholee.yar"
include "./malware/APT_Oilrig.yar"
include "./malware/APT_OpClandestineWolf.yar"
include "./malware/MALW_Buzus_Softpulse.yar"
include "./malware/MALW_Skeleton.yar"
include "./malware/RAT_xRAT.yar"
include "./malware/APT_PCclient.yar"
include "./malware/MALW_Ponmocup.yar"
include "./malware/MALW_F0xy.yar"
include "./malware/MALW_Kraken.yar"
include "./malware/MALW_Notepad.yar"
include "./malware/MALW_Glasses.yar"
include "./malware/MALW_Olyx.yar"
include "./malware/APT_PutterPanda.yar"
include "./malware/MALW_Surtr.yar"
include "./malware/APT_Passcv.yar"
include "./malware/APT_APT9002.yar"
include "./malware/MALW_DiamondFox.yar"
include "./malware/MALW_Vidgrab.yar"
include "./malware/MALW_Favorite.yar"
include "./malware/MALW_Intel_Virtualization.yar"
include "./malware/MALW_Pony.yar"
include "./malware/MALW_Andromeda.yar"
include "./malware/APT_Cloudduke.yar"
include "./malware/MALW_CAP_HookExKeylogger.yar"
include "./malware/APT_Duqu2.yar"
include "./malware/MALW_Rooter.yar"
include "./malware/MALW_Gozi.yar"
include "./malware/MALW_OSX_Leverage.yar"
include "./malware/RAT_Crimson.yar"
include "./malware/MALW_Zeus.yar"
include "./malware/RANSOM_Cryptolocker.yar"
include "./malware/RANSOM_Alpha.yar"
include "./malware/MALW_Scarhikn.yar"
include "./malware/RAT_Adwind.yar"
include "./malware/RAT_Inocnation.yar"
include "./malware/MALW_Sendsafe.yar"
include "./malware/MALW_Mailers.yar"
include "./malware/MALW_PE_sections.yar"
include "./malware/APT_Winnti.yar"
include "./malware/APT_Scarab_Scieron.yar"
include "./malware/MALW_Odinaff.yar"
include "./malware/MALW_BlackRev.yar"
include "./malware/RAT_PoisonIvy.yar"
include "./malware/APT_Stuxnet.yar"
include "./malware/APT_NGO.yar"
include "./malware/MALW_Empire.yar"
include "./malware/MALW_Sqlite.yar"
include "./malware/APT_CheshireCat.yar"
include "./malware/MALW_Shamoon.yar"
include "./malware/TOOLKIT_Gen_powerkatz.yar"
include "./malware/APT_Molerats.yar"
include "./malware/APT_furtim.yar"
include "./malware/APT_Pipcreat.yar"
include "./malware/MALW_Stealer.yar"
include "./malware/APT_Platinum.yar"
include "./malware/MALW_Ezcob.yar"
include "./malware/MALW_TreasureHunt.yar"
include "./malware/RANSOM_Crypren.yar"
include "./malware/MALW_Batel.yar"
include "./malware/MALW_Yayih.yar"
include "./malware/APT_Hellsing.yar"
include "./malware/MALW_Rockloader.yar"
include "./malware/RAT_Meterpreter_Reverse_Tcp.yar"
include "./malware/MALW_Tinba.yar"
include "./malware/MALW_Enfal.yar"
include "./malware/RAT_CyberGate.yar"
include "./malware/MALW_Citadel.yar"
include "./malware/APT_HackingTeam.yar"
include "./malware/MALW_Miscelanea.yar"
include "./malware/TOOLKIT_THOR_HackTools.yar"
include "./malware/POS_Mozart.yar"
include "./malware/APT_Emissary.yar"
include "./malware/APT_Bestia.yar"
include "./malware/MALW_Chicken.yar"
include "./malware/MALW_Dexter.yar"
include "./malware/APT_EQUATIONGRP.yar"
include "./malware/MALW_Safenet.yar"
include "./malware/APT_Sofacy_Bundestag.yar"
include "./malware/RANSOM_DMALocker.yar"
include "./malware/MALW_Furtim.yar"
include "./malware/TOOLKIT_Chinese_Hacktools.yar"
include "./malware/APT_ThreatGroup3390.yar"
include "./malware/APT_Careto.yar"
include "./malware/MALW_Cookies.yar"
include "./malware/APT_Bluetermite_Emdivi.yar"
include "./malware/MALW_Kelihos.yar"
include "./malware/MALW_XOR_DDos.yar"
include "./malware/POS_FastPOS.yar"
include "./malware/RAT_ShadowTech.yar"
include "./malware/MALW_PittyTiger.yar"
include "./malware/APT_Windigo_Onimiki.yar"
include "./malware/APT_C16.yar"
include "./malware/MALW_DDoSTf.yar"
include "./malware/MALW_Upatre.yar"
include "./malware/APT_Mirage.yar"
include "./malware/MALW_BackdoorSSH.yar"
include "./malware/APT_Derusbi.yar"
include "./malware/APT_OpDustStorm.yar"
include "./malware/MALW_Fareit.yar"
include "./malware/APT_UP007_SLServer.yar"
include "./malware/MALW_Derkziel.yar"
include "./malware/MALW_DirtyCow.yar"
include "./malware/RANSOM_.CRYPTXXX.yar"
include "./malware/APT_Minidionis.yar"
include "./malware/MALW_Tedroo.yar"
include "./malware/APT_Prikormka.yar"
include "./malware/MALW_FakeM.yar"
include "./malware/MALW_Miancha.yar"
include "./malware/MALW_LostDoor.yar"
include "./malware/MALW_Madness.yar"
include "./malware/MALW_NSFree.yar"
include "./malware/APT_OPCleaver.yar"
include "./malware/APT_Sofacy_Jun16.yar"
include "./malware/RAT_PlugX.yar"
include "./malware/POS_BruteforcingBot.yar"
include "./malware/POS.yar"
include "./malware/RAT_Shim.yar"
include "./malware/MALW_Elex.yar"
include "./malware/RANSOM_Tox.yar"
include "./malware/RAT_Adzok.yar"
include "./malware/MALW_Torte_ELF.yar"
include "./malware/POS_MalumPOS.yar"
include "./malware/RAT_Nanocore.yar"
include "./malware/RAT_FlyingKitten.yar"
include "./malware/APT_OpPotao.yar"
include "./malware/RAT_Sakula.yar"
include "./email/EMAIL_Cryptowall.yar"
include "./email/urls.yar"
include "./email/image.yar"
include "./email/attachment.yar"
include "./email/bank_rule.yar"
include "./email/email_Ukraine_BE_powerattack.yar"
include "./email/scam.yar"
include "./Mobile_Malware/Android_Backdoor.yar"
include "./Mobile_Malware/Android_Dendroid_RAT.yar"
include "./Mobile_Malware/Android_SpyAgent.yar"
include "./Mobile_Malware/Android_ASSDdeveloper.yar"
include "./Mobile_Malware/Android_Metasploit.yar"
include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
include "./Mobile_Malware/Android_Copy9.yar"
include "./Mobile_Malware/Android_SpyNote.yar"
include "./Mobile_Malware/Android_FakeApps.yar"
include "./Mobile_Malware/Android_VikingOrder.yar"
include "./Mobile_Malware/Android_SMSFraud.yar"
include "./Mobile_Malware/Android_malware_ChinesePorn.yar"
include "./Mobile_Malware/Android_MalwareCertificates.yar"
include "./Mobile_Malware/Android_FakeBank_Fanta.yar"
include "./Mobile_Malware/Android_malware_xbot007.yar"
include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
include "./Mobile_Malware/Android_OmniRat.yar"
include "./Mobile_Malware/Android_BadMirror.yar"
include "./Mobile_Malware/Android_Spywaller.yar"
include "./Mobile_Malware/Android_Spynet.yar"
include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
include "./Mobile_Malware/Android_Pink_Locker.yar"
include "./Mobile_Malware/Android_Godless.yar"
include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
include "./Mobile_Malware/Android_SlemBunk.yar"
include "./Mobile_Malware/Android_Dectus_rswm.yar"
include "./Mobile_Malware/Android_Triada_Banking.yar"
include "./Mobile_Malware/Android_SandroRat.yar"
include "./Mobile_Malware/Android_Clicker_G.yar"
include "./Mobile_Malware/Android_pornClicker.yar"
include "./Mobile_Malware/Android_generic_smsfraud.yar"
include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
include "./Mobile_Malware/Android_malware_Advertising.yar"
include "./Mobile_Malware/Android_Marcher_2.yar"
include "./Mobile_Malware/Android_malware_Dropper.yar"
include "./Mobile_Malware/Android_Tordow.yar"
include "./Mobile_Malware/Android_VirusPolicia.yar"
include "./Mobile_Malware/Android_malware_SMSsender.yar"
include "./Mobile_Malware/Android_adware.yar"
include "./Mobile_Malware/Android_Backdoor_script.yar"
include "./Mobile_Malware/Android_generic_adware.yar"
include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
include "./Mobile_Malware/Android_Tachi.yar"
include "./Mobile_Malware/Android_sk_bankTr.yar"
include "./Mobile_Malware/Android_mapin.yar"
include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
include "./Mobile_Malware/Android_malware_banker.yar"
include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
include "./Mobile_Malware/Android_Overlayer.yar"
include "./Mobile_Malware/Android_malware_HackingTeam.yar"
include "./Mobile_Malware/Android_AVITOMMS.yar"
include "./Mobile_Malware/Android_Dogspectus.yar"
include "./Mobile_Malware/Android_Malware_Towelroot.yar"
include "./Mobile_Malware/Android_RuMMS.yar"
include "./Mobile_Malware/Android_MazarBot_z.yar"
include "./Mobile_Malware/Android_DeathRing.yar"