YARA rule for Dridex

Have been learning YARA from few days and below is my first YARA rule for a IOCs collected while analysing a word document. Analysis concluded with presence of Dridex malware.

rule dridex : dridex
{
meta:
description = “Dridex Malware Indicators”
author = “Kunal Makwana”
date = “2016/04/03”
thread_level = 4
in_the_wild = true

strings:
$domain = “g-t-c-co.uk” nocase
$ip = “185.11.240.14” wide ascii
$mail = “ali73_2008027@yahoo.co.uk” wide ascii

condition:
$domain or $ip or $mail
}

Will be writing more as days go by.

Happy Malware Analysis!!!!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s