refactor: date cleanup

Florian Roth 2019-07-21 12:04:41 +02:00
parent 3a36eabb3f
commit b4ef6f503e
3 changed files with 46 additions and 46 deletions


@ -4,7 +4,7 @@ rule CorkowDLL {
meta:
description = "Rule to detect the Corkow DLL files"
author = "Group IB"
date = "2016/02"
date = "01.02.2016"
referenced = "https://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf"
strings:
$binary1 = { 60 [0-8] 9C [0-8] BB ?? ?? ?? ?? [0-8] 81 EB ?? ?? ?? ?? [0-8] E8 ?? 00 00 00 [0-8] 58 [0-8] 2B C3 }
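Review bot: The second `date` line in this hunk, `date = "01.02.2016"`, adds a day of month that `2016/02` never stated and uses a DD.MM.YYYY layout that can be misread as MM.DD.YYYY and does not sort lexically (this assumes the page prints the old value first and the new one second, since the +/- markers are lost). For rule-age triage and automated metadata checks an ISO 8601 value is safer, e.g. `date = "2016-02-01"`, or `date = "2016-02"` if only the month is known. The same applies to every `date` pair in the RAT_* rules and to Fierce2, Ncrack and SQLMap in the other two file sections. Separately, this meta block uses the key `referenced` where the RAT_* rules use `reference`, so tooling that reads `reference` would skip this rule's source link; the rule body continues beyond the hunk.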


@ -2,7 +2,7 @@ rule RAT_AAR
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects AAR RAT"
reference = "http://malwareconfig.com/stats/AAR"
maltype = "Remote Access Trojan"
@ -26,7 +26,7 @@ rule RAT_Adzok
author = "Kevin Breen <kevin@techanarchy.net>"
description = "Detects Adzok RAT"
Versions = "Free 1.0.0.3,"
date = "2015/05"
date = "01.05.2015"
reference = "http://malwareconfig.com/stats/Adzok"
maltype = "Remote Access Trojan"
filetype = "jar"
@ -50,7 +50,7 @@ rule RAT_Ap0calypse
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
description = "Detects Ap0calypse RAT"
date = "2014/04"
date = "01.04.2014"
reference = "http://malwareconfig.com/stats/Ap0calypse"
maltype = "Remote Access Trojan"
filetype = "exe"
@ -70,7 +70,7 @@ rule RAT_Arcom
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Arcom RAT"
reference = "http://malwareconfig.com/stats/Arcom"
maltype = "Remote Access Trojan"
@ -92,7 +92,7 @@ rule RAT_Bandook
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Bandook RAT"
reference = "http://malwareconfig.com/stats/bandook"
maltype = "Remote Access Trojan"
@ -118,7 +118,7 @@ rule RAT_BlackNix
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects BlackNix RAT"
reference = "http://malwareconfig.com/stats/BlackNix"
maltype = "Remote Access Trojan"
@ -139,7 +139,7 @@ rule RAT_BlackShades
{
meta:
author = "Brian Wallace (@botnet_hunter)"
date = "2014/04"
date = "01.04.2014"
description = "Detects BlackShades RAT"
reference = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
family = "blackshades"
@ -157,7 +157,7 @@ rule RAT_BlueBanana
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects BlueBanana RAT"
reference = "http://malwareconfig.com/stats/BlueBanana"
maltype = "Remote Access Trojan"
@ -179,7 +179,7 @@ rule RAT_Bozok
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Bozok RAT"
reference = "http://malwareconfig.com/stats/Bozok"
maltype = "Remote Access Trojan"
@ -200,7 +200,7 @@ rule RAT_ClientMesh
{
meta:
author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
date = "2014/06"
date = "01.06.2014"
description = "Detects ClientMesh RAT"
reference = "http://malwareconfig.com/stats/ClientMesh"
family = "torct"
@ -222,7 +222,7 @@ rule RAT_CyberGate
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects CyberGate RAT"
reference = "http://malwareconfig.com/stats/CyberGate"
maltype = "Remote Access Trojan"
@ -246,7 +246,7 @@ rule RAT_DarkComet
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects DarkComet RAT"
reference = "http://malwareconfig.com/stats/DarkComet"
maltype = "Remote Access Trojan"
@ -273,7 +273,7 @@ rule RAT_DarkRAT
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects DarkRAT"
reference = "http://malwareconfig.com/stats/DarkRAT"
maltype = "Remote Access Trojan"
@ -296,7 +296,7 @@ rule RAT_Greame
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Greame RAT"
reference = "http://malwareconfig.com/stats/Greame"
maltype = "Remote Access Trojan"
@ -320,7 +320,7 @@ rule RAT_HawkEye
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2015/06"
date = "01.06.2015"
description = "Detects HawkEye RAT"
reference = "http://malwareconfig.com/stats/HawkEye"
maltype = "KeyLogger"
@ -345,7 +345,7 @@ rule RAT_Imminent
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Imminent RAT"
reference = "http://malwareconfig.com/stats/Imminent"
maltype = "Remote Access Trojan"
@ -376,7 +376,7 @@ rule RAT_Infinity
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Infinity RAT"
reference = "http://malwareconfig.com/stats/Infinity"
maltype = "Remote Access Trojan"
@ -400,7 +400,7 @@ rule RAT_JavaDropper
{
meta:
author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
date = "2015/10"
date = "01.10.2015"
description = "Detects JavaDropper RAT"
reference = "http://malwareconfig.com/stats/JavaDropper"
maltype = "Remote Access Trojan"
@ -422,7 +422,7 @@ rule RAT_LostDoor
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects LostDoor RAT"
reference = "http://malwareconfig.com/stats/LostDoor"
maltype = "Remote Access Trojan"
@ -448,7 +448,7 @@ rule RAT_LuminosityLink
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects LuminosityLink RAT"
reference = "http://malwareconfig.com/stats/LuminosityLink"
maltype = "Remote Access Trojan"
@ -475,7 +475,7 @@ rule RAT_LuxNet
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects LuxNet RAT"
reference = "http://malwareconfig.com/stats/LuxNet"
maltype = "Remote Access Trojan"
@ -498,7 +498,7 @@ rule RAT_NanoCore
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects NanoCore RAT"
reference = "http://malwareconfig.com/stats/NanoCore"
maltype = "Remote Access Trojan"
@ -526,7 +526,7 @@ rule RAT_NetWire
{
meta:
author = "Kevin Breen <kevin@techanarchy.net> & David Cannings"
date = "2014/04"
date = "01.04.2014"
description = "Detects NetWire RAT"
reference = "http://malwareconfig.com/stats/NetWire"
maltype = "Remote Access Trojan"
@ -549,7 +549,7 @@ rule RAT_Pandora
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Pandora RAT"
reference = "http://malwareconfig.com/stats/Pandora"
maltype = "Remote Access Trojan"
@ -578,7 +578,7 @@ rule RAT_Paradox
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Paradox RAT"
reference = "http://malwareconfig.com/stats/Paradox"
maltype = "Remote Access Trojan"
@ -601,7 +601,7 @@ rule RAT_Plasma
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Plasma RAT"
reference = "http://malwareconfig.com/stats/Plasma"
maltype = "Remote Access Trojan"
@ -626,7 +626,7 @@ rule RAT_PoisonIvy
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects PoisonIvy RAT"
reference = "http://malwareconfig.com/stats/PoisonIvy"
maltype = "Remote Access Trojan"
@ -648,7 +648,7 @@ rule RAT_PredatorPain
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects PredatorPain RAT"
reference = "http://malwareconfig.com/stats/PredatorPain"
maltype = "Remote Access Trojan"
@ -677,7 +677,7 @@ rule RAT_Punisher
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Punisher RAT"
reference = "http://malwareconfig.com/stats/Punisher"
maltype = "Remote Access Trojan"
@ -700,7 +700,7 @@ rule RAT_PythoRAT
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Python RAT"
reference = "http://malwareconfig.com/stats/PythoRAT"
maltype = "Remote Access Trojan"
@ -724,7 +724,7 @@ rule RAT_QRat
{
meta:
author = "Kevin Breen @KevTheHermit"
date = "2015/08"
date = "01.08.2015"
description = "Detects QRAT"
reference = "http://malwareconfig.com"
maltype = "Remote Access Trojan"
@ -788,7 +788,7 @@ rule RAT_ShadowTech
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects ShadowTech RAT"
reference = "http://malwareconfig.com/stats/ShadowTech"
maltype = "Remote Access Trojan"
@ -811,7 +811,7 @@ rule RAT_SmallNet
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects SmallNet RAT"
reference = "http://malwareconfig.com/stats/SmallNet"
maltype = "Remote Access Trojan"
@ -832,7 +832,7 @@ rule RAT_SpyGate
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects SpyGate RAT"
reference = "http://malwareconfig.com/stats/SpyGate"
maltype = "Remote Access Trojan"
@ -860,7 +860,7 @@ rule RAT_Sub7Nation
{
meta:
author = "Kevin Breen <kevin@techanarchy.net> (slightly modified by Florian Roth to improve performance)"
date = "2014/04"
date = "01.04.2014"
description = "Detects Sub7Nation RAT"
reference = "http://malwareconfig.com/stats/Sub7Nation"
maltype = "Remote Access Trojan"
@ -882,7 +882,7 @@ rule RAT_Vertex
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Vertex RAT"
reference = "http://malwareconfig.com/stats/Vertex"
maltype = "Remote Access Trojan"
@ -906,7 +906,7 @@ rule RAT_VirusRat
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects VirusRAT"
reference = "http://malwareconfig.com/stats/VirusRat"
maltype = "Remote Access Trojan"
@ -934,7 +934,7 @@ rule RAT_Xtreme
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Xtreme RAT"
reference = "http://malwareconfig.com/stats/Xtreme"
maltype = "Remote Access Trojan"
@ -956,7 +956,7 @@ rule RAT_adWind
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects Adwind RAT"
reference = "http://malwareconfig.com/stats/adWind"
maltype = "Remote Access Trojan"
@ -976,7 +976,7 @@ rule RAT_njRat
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects njRAT"
reference = "http://malwareconfig.com/stats/njRat"
maltype = "Remote Access Trojan"
@ -1000,7 +1000,7 @@ rule RAT_unrecom
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects unrecom RAT"
reference = "http://malwareconfig.com/stats/unrecom"
maltype = "Remote Access Trojan"
@ -1021,7 +1021,7 @@ rule RAT_xRAT
{
meta:
author = "Kevin Breen <kevin@techanarchy.net>"
date = "2014/04"
date = "01.04.2014"
description = "Detects xRAT"
reference = "http://malwareconfig.com/stats/xRat"
maltype = "Remote Access Trojan"


@ -122,7 +122,7 @@ rule Fierce2
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
description = "This signature detects the Fierce2 domain scanner"
date = "07/2014"
date = "01.07.2014"
score = 60
strings:
$s1 = "$tt_xml->process( 'end_domainscan.tt', $end_domainscan_vars,"
@ -136,7 +136,7 @@ rule Ncrack
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
description = "This signature detects the Ncrack brute force tool"
date = "07/2014"
date = "01.07.2014"
score = 60
strings:
$s1 = "NcrackOutputTable only supports adding up to 4096 to a cell via"
@ -150,7 +150,7 @@ rule SQLMap
license = "https://creativecommons.org/licenses/by-nc/4.0/"
author = "Florian Roth"
description = "This signature detects the SQLMap SQL injection tool"
date = "07/2014"
date = "01.07.2014"
score = 60
strings:
$s1 = "except SqlmapBaseException, ex:"