TT Malware Log

A personal investigation and research log on malware / cyber attacks / analysis techniques

jRat and Yara Rules

【Blog】

◆jRat and Yara Rules (TechAnarchy, 2013/07/17)
https://techanarchy.net/2013/07/jrat-and-yara-rules/

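rule jrat_remote_access_trojan
{
    meta:
        description = "jRAT Remote access Trojan "
        reference = "techanarchy.net, jrat.pro"
        author = "Kevin Breen "
        date = "2013-07"
        filetype = "Java"
        md5 = "39efba44cdbe40a0d6ed6deb8eff51fd"

    strings:
        // File names expected inside the JAR archive
        $meta = "META-INF"
        $key = "key.dat"
        $conf = "config.dat"
        $conf2 = "conf.dat"
        // Short lowercase class file names, e.g. "a.class" and "ab.class"
        $reClass1 = /[a-z]\.class/
        $reClass2 = /[a-z][a-f]\.class/

    condition:
        // Manifest directory and key file, either config file name,
        // and more than 10 matches of each class-name pattern
        ($meta and $key) and ($conf or $conf2) and (#reClass1 > 10 and #reClass2 > 10)
}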


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2017