Merge pull request #11 from tstromberg/main

Add hostinfo_collector rule

rules/combo/backdoor/macos/hostinfo_collector.yara

@@ -0,0 +1,13 @@
+rule hostinfo_collector : suspicious {
+  meta:
+	ref = "https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/"
+	description = "Collects extremely detailed information about a host"
+  strings:
+	$sp = "system_profiler"
+	$ns = "networksetup"
+	$sysctl = "sysctl"
+	$launchctl = "launchctl"
+  condition:
+	all of them
+}
+