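# Nuclei file-protocol template: reports files whose raw content carries
# string indicators associated with the Linux AESDDoS malware family.
id: linux-aesddos-malware

info:
  name: Linux AESDDOS Malware - Detect
  author: daffainfo
  # Kept at "info": a hit is a string-level indicator to triage, not a verdict.
  severity: info
  description: |
    Reports a file when its raw content contains at least two of the strings
    "3AES", "Hacker" and "VERSONEX". Matching is purely string-based, so treat
    a hit as a lead for triage (hash, origin, execution evidence) rather than
    as confirmation of infection.
  reference:
    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
  tags: malware,file

file:
  # "all" asks the engine to consider every file extension.
  # NOTE(review): confirm that the engine's default extension denylist and
  # file-size limit do not skip the binaries you expect to be scanned.
  - extensions:
      - all

    # Any single matcher below is enough to report the file.
    matchers-condition: or
    matchers:
      # The three pairwise AND matchers together express "at least two of the
      # three words are present"; there is one matcher per possible pair.
      # NOTE(review): word matching is presumably case-sensitive here, since no
      # matcher sets a case-insensitive option - confirm against the engine.
      - type: word
        part: raw
        words:
          - "3AES"
          - "Hacker"
        condition: and

      - type: word
        part: raw
        words:
          - "3AES"
          - "VERSONEX"
        condition: and

      - type: word
        part: raw
        words:
          - "VERSONEX"
          - "Hacker"
        condition: and
# Upstream signature over the template as published. Any edit to the content
# above invalidates it, so re-sign the template before relying on signature
# verification. Keep the digest as the last line of the file.
# digest: 490a00463044022009c35b74576ab5a6e8a2dc791a87738147c0ae237013458042f4d259f6fb222c02201f61fdf980b10068335af5b38b1de2fded998fffb64dfc78ea77dd02255afc75:922c64590222798bb761d5b6d8e72950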