- What: New Yara-X rule detects encrypted Shulfar malware traffic
- Impact: Security researchers can better identify and analyze this threat
Shulfar (Netomize's name) malware encrypts its C&C traffic over the TCP protocol using a custom encryption algorithm and a fixed key. We took this as a challenge to write a detection rule targeting the encrypted message packet by simulating the decryption algorithm for all possible keys.

submitted by /u/MFMokbel