Gholee Malware YARA Rule

C&C IP Addresses

83.170.33.60

83.170.33.37

YARA Rule

rule gholee

{

meta:

author = “www.clearskysec.com”

date = “2014/08″

maltype = “Remote Access Trojan”

filetype = “dll”

strings:

$a = “sandbox_avg10_vc9_SP1_2011″

$b = “gholee”

condition:

all of them

}