refactor: date cleanup

yara/crime_corkow_dll.yar

@@ -4,7 +4,7 @@ rule CorkowDLL {
     meta:
         description = "Rule to detect the Corkow DLL files"
         author = "Group IB"
-        date = "2016/02"
+        date = "01.02.2016"
         referenced = "https://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf"
     strings:
         $binary1 = { 60 [0-8] 9C [0-8] BB ?? ?? ?? ?? [0-8] 81 EB ?? ?? ?? ?? [0-8] E8 ?? 00 00 00 [0-8] 58 [0-8] 2B C3 }

yara/gen_rats_malwareconfig.yar

@@ -2,7 +2,7 @@ rule RAT_AAR
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects AAR RAT"
 		reference = "http://malwareconfig.com/stats/AAR"
 		maltype = "Remote Access Trojan"
@@ -26,7 +26,7 @@ rule RAT_Adzok
 		author = "Kevin Breen <kevin@techanarchy.net>"
 		description = "Detects Adzok RAT"
 		Versions = "Free 1.0.0.3,"
-		date = "2015/05"
+		date = "01.05.2015"
 		reference = "http://malwareconfig.com/stats/Adzok"
 		maltype = "Remote Access Trojan"
 		filetype = "jar"
@@ -50,7 +50,7 @@ rule RAT_Ap0calypse
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
 		description = "Detects Ap0calypse RAT"
-		date = "2014/04"
+		date = "01.04.2014"
 		reference = "http://malwareconfig.com/stats/Ap0calypse"
 		maltype = "Remote Access Trojan"
 		filetype = "exe"
@@ -70,7 +70,7 @@ rule RAT_Arcom
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Arcom RAT"
 		reference = "http://malwareconfig.com/stats/Arcom"
 		maltype = "Remote Access Trojan"
@@ -92,7 +92,7 @@ rule RAT_Bandook
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Bandook RAT"
 		reference = "http://malwareconfig.com/stats/bandook"
 		maltype = "Remote Access Trojan"
@@ -118,7 +118,7 @@ rule RAT_BlackNix
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects BlackNix RAT"
 		reference = "http://malwareconfig.com/stats/BlackNix"
 		maltype = "Remote Access Trojan"
@@ -139,7 +139,7 @@ rule RAT_BlackShades
 {
 	meta:
 		author = "Brian Wallace (@botnet_hunter)"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects BlackShades RAT"
 		reference = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
 		family = "blackshades"
@@ -157,7 +157,7 @@ rule RAT_BlueBanana
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects BlueBanana RAT"
 		reference = "http://malwareconfig.com/stats/BlueBanana"
 		maltype = "Remote Access Trojan"
@@ -179,7 +179,7 @@ rule RAT_Bozok
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Bozok RAT"
 		reference = "http://malwareconfig.com/stats/Bozok"
 		maltype = "Remote Access Trojan"
@@ -200,7 +200,7 @@ rule RAT_ClientMesh
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
-		date = "2014/06"
+		date = "01.06.2014"
 		description = "Detects ClientMesh RAT"
 		reference = "http://malwareconfig.com/stats/ClientMesh"
 		family = "torct"
@@ -222,7 +222,7 @@ rule RAT_CyberGate
 
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects CyberGate RAT"
 		reference = "http://malwareconfig.com/stats/CyberGate"
 		maltype = "Remote Access Trojan"
@@ -246,7 +246,7 @@ rule RAT_DarkComet
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects DarkComet RAT"
 		reference = "http://malwareconfig.com/stats/DarkComet"
 		maltype = "Remote Access Trojan"
@@ -273,7 +273,7 @@ rule RAT_DarkRAT
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects DarkRAT"
 		reference = "http://malwareconfig.com/stats/DarkRAT"
 		maltype = "Remote Access Trojan"
@@ -296,7 +296,7 @@ rule RAT_Greame
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Greame RAT"
 		reference = "http://malwareconfig.com/stats/Greame"
 		maltype = "Remote Access Trojan"
@@ -320,7 +320,7 @@ rule RAT_HawkEye
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2015/06"
+		date = "01.06.2015"
 		description = "Detects HawkEye RAT"
 		reference = "http://malwareconfig.com/stats/HawkEye"
 		maltype = "KeyLogger"
@@ -345,7 +345,7 @@ rule RAT_Imminent
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Imminent RAT"
 		reference = "http://malwareconfig.com/stats/Imminent"
 		maltype = "Remote Access Trojan"
@@ -376,7 +376,7 @@ rule RAT_Infinity
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Infinity RAT"
 		reference = "http://malwareconfig.com/stats/Infinity"
 		maltype = "Remote Access Trojan"
@@ -400,7 +400,7 @@ rule RAT_JavaDropper
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
-		date = "2015/10"
+		date = "01.10.2015"
 		description = "Detects JavaDropper RAT"
 		reference = "http://malwareconfig.com/stats/JavaDropper"
 		maltype = "Remote Access Trojan"
@@ -422,7 +422,7 @@ rule RAT_LostDoor
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects LostDoor RAT"
 		reference = "http://malwareconfig.com/stats/LostDoor"
 		maltype = "Remote Access Trojan"
@@ -448,7 +448,7 @@ rule RAT_LuminosityLink
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects LuminosityLink RAT"
 		reference = "http://malwareconfig.com/stats/LuminosityLink"
 		maltype = "Remote Access Trojan"
@@ -475,7 +475,7 @@ rule RAT_LuxNet
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects LuxNet RAT"
 		reference = "http://malwareconfig.com/stats/LuxNet"
 		maltype = "Remote Access Trojan"
@@ -498,7 +498,7 @@ rule RAT_NanoCore
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects NanoCore RAT"
 		reference = "http://malwareconfig.com/stats/NanoCore"
 		maltype = "Remote Access Trojan"
@@ -526,7 +526,7 @@ rule RAT_NetWire
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net> & David Cannings"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects NetWire RAT"
 		reference = "http://malwareconfig.com/stats/NetWire"
 		maltype = "Remote Access Trojan"
@@ -549,7 +549,7 @@ rule RAT_Pandora
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Pandora RAT"
 		reference = "http://malwareconfig.com/stats/Pandora"
 		maltype = "Remote Access Trojan"
@@ -578,7 +578,7 @@ rule RAT_Paradox
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Paradox RAT"
 		reference = "http://malwareconfig.com/stats/Paradox"
 		maltype = "Remote Access Trojan"
@@ -601,7 +601,7 @@ rule RAT_Plasma
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Plasma RAT"
 		reference = "http://malwareconfig.com/stats/Plasma"
 		maltype = "Remote Access Trojan"
@@ -626,7 +626,7 @@ rule RAT_PoisonIvy
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects PoisonIvy RAT"
 		reference = "http://malwareconfig.com/stats/PoisonIvy"
 		maltype = "Remote Access Trojan"
@@ -648,7 +648,7 @@ rule RAT_PredatorPain
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects PredatorPain RAT"
 		reference = "http://malwareconfig.com/stats/PredatorPain"
 		maltype = "Remote Access Trojan"
@@ -677,7 +677,7 @@ rule RAT_Punisher
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Punisher RAT"
 		reference = "http://malwareconfig.com/stats/Punisher"
 		maltype = "Remote Access Trojan"
@@ -700,7 +700,7 @@ rule RAT_PythoRAT
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Python RAT"
 		reference = "http://malwareconfig.com/stats/PythoRAT"
 		maltype = "Remote Access Trojan"
@@ -724,7 +724,7 @@ rule RAT_QRat
 {
 	meta:
 		author = "Kevin Breen @KevTheHermit"
-		date = "2015/08"
+		date = "01.08.2015"
 		description = "Detects QRAT"
 		reference = "http://malwareconfig.com"
 		maltype = "Remote Access Trojan"
@@ -788,7 +788,7 @@ rule RAT_ShadowTech
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects ShadowTech RAT"
 		reference = "http://malwareconfig.com/stats/ShadowTech"
 		maltype = "Remote Access Trojan"
@@ -811,7 +811,7 @@ rule RAT_SmallNet
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects SmallNet RAT"
 		reference = "http://malwareconfig.com/stats/SmallNet"
 		maltype = "Remote Access Trojan"
@@ -832,7 +832,7 @@ rule RAT_SpyGate
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects SpyGate RAT"
 		reference = "http://malwareconfig.com/stats/SpyGate"
 		maltype = "Remote Access Trojan"
@@ -860,7 +860,7 @@ rule RAT_Sub7Nation
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Sub7Nation RAT"
 		reference = "http://malwareconfig.com/stats/Sub7Nation"
 		maltype = "Remote Access Trojan"
@@ -882,7 +882,7 @@ rule RAT_Vertex
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Vertex RAT"
 		reference = "http://malwareconfig.com/stats/Vertex"
 		maltype = "Remote Access Trojan"
@@ -906,7 +906,7 @@ rule RAT_VirusRat
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects VirusRAT"
 		reference = "http://malwareconfig.com/stats/VirusRat"
 		maltype = "Remote Access Trojan"
@@ -934,7 +934,7 @@ rule RAT_Xtreme
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Xtreme RAT"
 		reference = "http://malwareconfig.com/stats/Xtreme"
 		maltype = "Remote Access Trojan"
@@ -956,7 +956,7 @@ rule RAT_adWind
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects Adwind RAT"
 		reference = "http://malwareconfig.com/stats/adWind"
 		maltype = "Remote Access Trojan"
@@ -976,7 +976,7 @@ rule RAT_njRat
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects njRAT"
 		reference = "http://malwareconfig.com/stats/njRat"
 		maltype = "Remote Access Trojan"
@@ -1000,7 +1000,7 @@ rule RAT_unrecom
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects unrecom RAT"
 		reference = "http://malwareconfig.com/stats/unrecom"
 		maltype = "Remote Access Trojan"
@@ -1021,7 +1021,7 @@ rule RAT_xRAT
 {
 	meta:
 		author = "Kevin Breen <kevin@techanarchy.net>"
-		date = "2014/04"
+		date = "01.04.2014"
 		description = "Detects xRAT"
 		reference = "http://malwareconfig.com/stats/xRat"
 		maltype = "Remote Access Trojan"

yara/thor-hacktools.yar

@@ -122,7 +122,7 @@ rule Fierce2
       license = "https://creativecommons.org/licenses/by-nc/4.0/"
       author = "Florian Roth"
       description = "This signature detects the Fierce2 domain scanner"
-      date = "07/2014"
+      date = "01.07.2014" 
       score = 60
    strings:
       $s1 = "$tt_xml->process( 'end_domainscan.tt', $end_domainscan_vars,"
@@ -136,7 +136,7 @@ rule Ncrack
       license = "https://creativecommons.org/licenses/by-nc/4.0/"
       author = "Florian Roth"
       description = "This signature detects the Ncrack brute force tool"
-      date = "07/2014"
+      date = "01.07.2014" 
       score = 60
    strings:
       $s1 = "NcrackOutputTable only supports adding up to 4096 to a cell via"
@@ -150,7 +150,7 @@ rule SQLMap
       license = "https://creativecommons.org/licenses/by-nc/4.0/"
       author = "Florian Roth"
       description = "This signature detects the SQLMap SQL injection tool"
-      date = "07/2014"
+      date = "01.07.2014" 
       score = 60
    strings:
       $s1 = "except SqlmapBaseException, ex:"