Fixed some dates

2024-11-06 10:05:18 +00:00 · 2018-12-14 08:55:27 +01:00 · 2018-12-14 08:55:27 +01:00 · e4dd8c610c
commit e4dd8c610c
parent 37582f20d3
2 changed files with 4 additions and 4 deletions
--- a/yara/apt_uscert_ta17-1117a.yar
+++ b/yara/apt_uscert_ta17-1117a.yar
@ -12,7 +12,7 @@ rule Dropper_DeploysMalwareViaSideLoading {
        author = "USG"
        reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
        true_positive = "5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481: drops REDLEAVES. 6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3: drops plugx. "
-    strings:        
+    strings:
        $UniqueString = {2e 6c 6e 6b [0-14] 61 76 70 75 69 2e 65 78 65} // ".lnk" near "avpui.exe"
        $PsuedoRandomStringGenerator = {b9 1a [0-6] f7 f9 46 80 c2 41 88 54 35 8b 83 fe 64} // Unique function that generates a 100 character pseudo random string.
    condition:
@ -62,7 +62,7 @@ rule PLUGX_RedLeaves {
        date = "03042017"
        reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
        incident = "10118538"
-        date = "2017/04/03"
+        date = "2017-04-03"
        MD5_1 = "598FF82EA4FB52717ACAFB227C83D474"
        MD5_2 = "7D10708A518B26CC8C3CBFBAA224E032"
        MD5_3 = "AF406D35C77B1E0DF17F839E36BCE630"
@ -82,4 +82,4 @@ rule PLUGX_RedLeaves {
        $s9 = "RedLeavesCMDSimulatorMutex"
    condition:
        $s0 or $s1 or $s2 and $s3 or $s4 or $s5 or $s6 or $s7 or $s8 or $s9
-}
+}
--- a/yara/generic_anomalies.yar
+++ b/yara/generic_anomalies.yar
@ -41,7 +41,7 @@ rule Cloaked_as_JPG {
   meta:
      description = "Detects a cloaked file as JPG"
      author = "Florian Roth (eval section from Didier Stevens)"
-      date = "2015/02/29"
+      date = "2015-02-28"
      score = 40
   strings:
      $fp1 = "<!DOCTYPE" ascii