valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: rule strings

Browse Source
This commit is contained in:
Florian Roth 2021-03-12 13:44:53 +01:00
parent f6990305ab
commit f681f82640
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yara/crime_dearcry_ransom.yar
View File

@ -10,7 +10,7 @@ rule MAL_RANSOM_Crime_DearCry_Mar2021_1 {
strings:
$x1 = ".TIF .TIFF .PDF .XLS .XLSX .XLTM .PS .PPS .PPT .PPTX .DOC .DOCX .LOG .MSG .RTF .TEX .TXT .CAD .WPS .EML .INI .CSS .HTM .HTML .XHTML .JS .JSP .PHP .KEYCHAIN .PEM .SQL .APK .APP .BAT .CGI .ASPX .CER .CFM .C .CPP .GO .CONFIG .PL .PY .DWG .XML .JPG .BMP .PNG .EXE .DLL .CAD .AVI .H.CSV .DAT .ISO .PST .PGD .7Z .RAR .ZIP .ZIPX .TAR .PDB .BIN .DB .MDB .MDF .BAK .LOG .EDB .STM .DBF .ORA .GPG .EDB .MFS" ascii
$s1 = "dear!!!" ascii fullword
$s1 = "create rsa error" ascii fullword
$s2 = "DEARCRY!" ascii fullword
$s4 = "/readme.txt" ascii fullword
$s5 = "msupdate" ascii fullword