From b9f598ded47e3d1f13f9637e349e82e7d92f33ad Mon Sep 17 00:00:00 2001
From: blackorbird <137812951@qq.com>
Date: Mon, 11 May 2020 21:54:25 +0800
Subject: [PATCH] Create apt_ZZ_Naikon_codebase.yar
---
nazar/apt_ZZ_Naikon_codebase.yar | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 nazar/apt_ZZ_Naikon_codebase.yar
diff --git a/nazar/apt_ZZ_Naikon_codebase.yar b/nazar/apt_ZZ_Naikon_codebase.yar
new file mode 100644
index 0000000..5a39c6e
--- /dev/null
+++ b/nazar/apt_ZZ_Naikon_codebase.yar
@@ -0,0 +1,19 @@
+rule apt_ZZ_Naikon_codebase : Naikon
+{
+ meta:
+ report = "Naikon New AR Backdoor Deployment to Southeast Asia"
+ description = "Naikon typo"
+ author = "Kaspersky"
+ copyright = "Kaspersky"
+ version = "1.0"
+ date = "2018-06-28"
+ last_modified = "2018-06-28"
+
+ strings:
+ $a1 = "Create Directroy [%s] Failed:%d" wide
+
+ condition:
+ uint16(0) == 0x5A4D and
+ filesize < 450000 and
+ $a1
+}
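Review bot: The condition rests on a single UTF-16LE string (`$a1` is declared `wide` only), so a build of the same code that stores the misspelled "Directroy" message as ANSI would not match; if such builds are in scope, `$a1 = "Create Directroy [%s] Failed:%d" ascii wide` covers both encodings at the cost of a somewhat wider match surface. The meta block carries no sample hash or report link, and `description = "Naikon typo"` does not say what the rule keys on; something like `description = "Misspelled 'Directroy' error format string seen in Naikon-linked PE files"` plus a `hash` entry for the reference sample would let an analyst validate a hit. The `filesize < 450000` bound is unexplained and a padded or bundled sample would fall outside it, so a short comment on where the limit comes from would help. Because a single format string can travel with shared or reused source, a match is better triaged as a code-reuse indicator needing confirmation than as attribution on its own.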