From aa66fbd329052408a9599cf954a5cf72d8b1d61d Mon Sep 17 00:00:00 2001
From: Kevin O'Reilly
Date: Fri, 17 Apr 2026 18:33:44 +0100
Subject: [PATCH] Add Salat detection
---
data/yara/CAPE/Salat.yar | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 data/yara/CAPE/Salat.yar
diff --git a/data/yara/CAPE/Salat.yar b/data/yara/CAPE/Salat.yar
new file mode 100644
index 00000000000..f053cca9750
--- /dev/null
+++ b/data/yara/CAPE/Salat.yar
@@ -0,0 +1,14 @@
+rule Salat
+{
+ meta:
+ author = "kevoreilly"
+ description = "Salat Payload"
+ cape_type = "Salat Payload"
+ strings:
+ $a1 = "salat"
+ $a2 = "screenshot"
+ $a3 = "task.go"
+ $a4 = "tsc.go"
+ condition:
+ uint16(0) == 0x5A4D and all of them
+}
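Review bot: The four patterns under `strings:` are short, unanchored ASCII substrings, so the rule's family specificity rests almost entirely on `$a1 = "salat"`. `"screenshot"`, `"task.go"` and `"tsc.go"` look generic enough to occur in unrelated Go-built PE files, and `"salat"` also matches inside any longer token. Since `cape_type` drives payload attribution, a false hit mislabels the sample. If the sample carries fuller source paths, matching them with their directory context would be tighter, e.g. `$a3 = "<package path from sample>/task.go"` (placeholder). A size bound in the condition such as `filesize < <limit chosen from known samples>` would also keep the rule from firing on large unrelated binaries. The meta block has no sample hash or reference, so adding `hash = "<sha256 of reference sample>"` would let the rule be re-validated later.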