24 Aralık 2014 Çarşamba

Gholee Malware YARA Rule

C&C IP Addresses

83.170.33.60
83.170.33.37

YARA Rule

rule gholee
{
meta:
author = “www.clearskysec.com”
date = “2014/08″
maltype = “Remote Access Trojan”
filetype = “dll
strings:
$a = “sandbox_avg10_vc9_SP1_2011″
$b = “gholee
condition:
all of them
}

Hiç yorum yok:

Yorum Gönder