From 73bfc659da4ae3381071dd5cd25345de58ac1154 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 5 Dec 2018 21:03:24 +0100
Subject: [PATCH] fix: bugfix in SSHDoor rule - missing "and"
---
 yara/apt_triton_mal_sshdoor.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yara/apt_triton_mal_sshdoor.yar b/yara/apt_triton_mal_sshdoor.yar
index 6f2cf19..e5ef0c6 100644
--- a/yara/apt_triton_mal_sshdoor.yar
+++ b/yara/apt_triton_mal_sshdoor.yar
@@ -177,7 +177,7 @@ rule MAL_LNX_SSHDOOR_Triton {
 $mimban_i2 = "PEM_read_bio_RSA_PUBKEY"
 $mimban_i3 = "gethostbyname"
 condition:
- uint32be(0) == 0x7f454c46 // ELF
+ uint32be(0) == 0x7f454c46 and // ELF
 ( 1 of ($a_*) or 2 of ($ac_*) ) // SSH Binary
 and (
 ( 1 of ($s*) ) or
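Review bot: The `and` that joins the ELF magic check to the SSH-binary group is written trailing, squeezed in front of the `// ELF` comment, while the next join two lines down is written leading (`and (`); mixing the two placements makes a dropped operator easy to miss in review. I would keep the first line as `uint32be(0) == 0x7f454c46 // ELF` and write the second as `and ( 1 of ($a_*) or 2 of ($ac_*) ) // SSH Binary`, so every clause after the first starts with its operator. The pre-fix condition presumably did not compile, so compiling every rule file under `yara/` in CI before publishing would catch this class of error. The condition block continues past the end of the hunk.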