Malware-Research/Hancitor/hancitor.yara
2022-08-29 13:54:43 +02:00


// Flags content that contains one Hancitor-attributed format string.
// NOTE(review): Hancitor is generally described as a downloader/loader rather
// than a RAT; confirm the `rat` tag is intended, because tag-based rule
// selection depends on it.
rule hancitor : rat
{
meta:
// Meta values are informational only; YARA does not evaluate them when matching.
description = "Hancitor"
// NOTE(review): the scale behind threat_level is not defined in this file;
// document it where the consuming pipeline defines it.
threat_level = 3
in_the_wild = true
strings:
// printf-style template of key=value pairs joined by '&'
// (GUID, BUILD, INFO, EXT, IP, TYPE, WIN). Presumably the body of the bot's
// check-in request; confirm against a sample.
// No modifiers are given, so only the ASCII, case-sensitive form matches.
// The literal ends in "(x64)" and fixes the field order, so a build carrying
// only a different suffix or field set would not match.
$config_params = "GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)"
condition:
// Fires on the string alone, with no file-type or size constraint, so any
// scanned content holding this text matches, including analysis reports,
// other rule files and memory dumps. If only on-disk executables should hit,
// a PE header check such as `uint16(0) == 0x5A4D` would narrow it, at the
// cost of missing headerless memory regions.
$config_params
}