win.pirate_stealer

PirateStealer


Infostealer

References
2022-12-01 | mostwanted002
Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe
PirateStealer
Yara Rules
[TLP:WHITE] win_pirate_stealer_w0 (20221206 | This rule identifies PirateStealer.)
rule win_pirate_stealer_w0 {
    meta:
        description = "This rule identifies PirateStealer."
        author = "mostwanted002"
        date = "2022-12-01"
        malpedia_rule_date = "20221206"
        malpedia_hash = ""
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.pirate_stealer"
        malpedia_version = "20221206"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $pirate = "PirateStealerEvent" nocase
        $nim1 = "deflate.nim"
        $nim2 = "zippy.nim"
        $nim3 = "db_sqlite.nim"
        $nim4 = "puppy.nim"
        $nim5 = "gzip.nim"
   
    condition:
        $pirate and ($nim1 or $nim2 or $nim3 or $nim4 or $nim5)
}