False Positive Reduction

https://github.com/Neo23x0/signature-base/issues/54

iocs/filename-iocs.txt

@@ -635,7 +635,6 @@ AppData\\adobe\\adobe\.dat;65
 \\firef0x\.exe;45
 \\firefly\.exe;45
 \\firefo\.exe;45
-\\firefox_\.exe;45
 \\firefox2\.exe;45
 \\firefox32\.exe;45
 \\firefoxe\.exe;45

yara/gen_elf_file_anomalies.yar

@@ -11,5 +11,5 @@ rule SUSP_ELF_LNX_UPX_Compressed_File {
       $s1 = "PROT_EXEC|PROT_WRITE failed." fullword ascii
       $s3 = "$Id: UPX" fullword ascii
    condition:
-      uint16(0) == 0x457f and filesize < 2000KB and filesize > 30KB and all of them
+      uint32be(0) == 0x7f454c46 and filesize < 2000KB and filesize > 30KB and all of them
 }