valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix to avoid too many false positives

Browse Source
This commit is contained in:
Florian Roth 2018-03-12 14:49:03 +01:00
parent 117270469f
commit 2ce3e0bbaf
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
yara/apt_apt15.yar
View File

@ -118,7 +118,7 @@ rule clean_apt15_patchedcmd{
$ = "Cmd.Exe" wide
$ = "Windows Command Processor" wide
condition:
uint16(0) == 0x5A4D and 3 of them
uint16(0) == 0x5A4D and all of them
}
rule malware_apt15_royalcli_1{
@ -291,4 +291,3 @@ rule malware_apt15_generic {
condition:
2 of them
}