fix: deactivate another rule

This commit is contained in:
Florian Roth 2020-12-11 17:40:42 +01:00
parent dec4aacfba
commit 935490dfc5


@ -1426,6 +1426,9 @@ rule HackTool_MSIL_SharPersist_1
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and $typelibguid1
}
/* bad performance */
/*
rule APT_Backdoor_Win_DShell_1
{
meta:
@ -1614,6 +1617,7 @@ rule APT_Backdoor_Win_DShell_1
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and filesize > 500KB and 105 of ($s*) and $s112 in (3000..4000) and 40 of ($e*)
}
*/
rule APT_Backdoor_Win_GORAT_4
{
meta:
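Review bot: Wrapping APT_Backdoor_Win_DShell_1 in `/* … */` switches off this rule's detection with only `/* bad performance */` as the record, so a later maintainer cannot tell what was slow or that the coverage gap is deliberate. I would expand the marker to something like `/* disabled: bad performance while scanning, presumably from the large $s and $e string sets; DShell coverage is off until the rule is reworked */`. The rule body between the two hunks is not visible here, and YARA block comments do not nest, so if that body contains a `*/` of its own the wrapper ends early and the remainder is parsed as rule text; it is worth confirming the file still compiles. The following rule, APT_Backdoor_Win_GORAT_4, continues outside the hunk.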