valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

YARA rule description cleanup

Browse Source
This commit is contained in:
Florian Roth 2018-12-28 12:38:31 +01:00
parent 5710d22af2
commit 046b5736d0
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yara/apt_rancor.yar
View File

@ -12,7 +12,7 @@ import "pe"
rule APT_RANCOR_JS_Malware {
meta:
description = "dropzone - file 1dc5966572e94afc2fbcf8e93e3382eef4e4d7b5bc02f24069c403a28fa6a458"
description = "Rancor Malware"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/"

8
yara/apt_vpnfilter.yar
View File

@ -10,7 +10,7 @@
rule MAL_ELF_VPNFilter_1 {
meta:
description = "dropzone - file f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344"
description = "Detects VPNFilter malware"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
reference = "Internal Research"
@ -31,7 +31,7 @@ rule MAL_ELF_VPNFilter_1 {
rule MAL_ELF_VPNFilter_2 {
meta:
description = "dropzone - file 50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec"
description = "Detects VPNFilter malware"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
reference = "Internal Research"
@ -47,7 +47,7 @@ rule MAL_ELF_VPNFilter_2 {
rule MAL_ELF_VPNFilter_3 {
meta:
description = "dropzone - file 0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92"
description = "Detects VPNFilter malware"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
reference = "Internal Research"
@ -76,7 +76,7 @@ rule MAL_ELF_VPNFilter_3 {
rule SUSP_ELF_Tor_Client {
meta:
description = "dropzone - file afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719"
description = "Detects VPNFilter malware"
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
reference = "Internal Research"

2
yara/thor-hacktools.yar
View File

@ -4282,7 +4282,7 @@ rule HKTL_shellpop_socat {
rule HKTL_shellpop_Perl {
meta:
description = "dropzone - file PerlUDP"
description = "Detects Shellpop Perl script"
author = "Tobias Michalski"
reference = "https://github.com/0x00-0x00/ShellPop"
date = "2018-05-18"