YARA Rule - AutoIt Malware

1. rule AutoIt_Script {
2.     meta:
3.     description = "AutoIt Script - used by attackers"
4.    
5.     strings:    
6.     $keyword1 = "#include <FTPEX.au3>"
7.     $keyword2 = "#include <updateftp.au3>"
8.     $keyword3 = "#include <WinAPI.au3>"
9.     $keyword4 = "Global $FTPServer" fullword
10.     $keyword5 = "Global $FTPUser" fullword
11.     $keyword6 = "= _FTP_Connect"
12.    
13.     condition:
14.     1 of ($keyword*)
15. }