mastersig 1.59 KB
// Glue file for all of the different yara sigs for easier scanning
//
//  copyright 2015 Novetta Solutions
//	author = Novetta Threat Research & Interdiction Group - trig@novetta.com
// Content distribution
include "HotelAlfa.yara"

// Installers
include "IndiaAlfa.yara"
include "IndiaBravo.yara"
include "IndiaCharlie.yara"
include "IndiaDelta.yara"
include "IndiaEcho.yara"

include "IndiaGolf.yara"
include "IndiaHotel.yara"
include "IndiaJuliett.yara"
include "IndiaWhiskey.yara"

// Keyloggers
include "KiloAlfa.yara"

// Loaders
include "LimaAlfa.yara"
include "LimaBravo.yara"
include "LimaCharlie.yara"
include "LimaDelta.yara"

// Proxies
include "PapaAlfa.yara"

// RATs
include "RomeoAlfa.yara"
include "RomeoBravo.yara"
include "RomeoCharlie.yara"
include "RomeoDelta.yara"
include "RomeoEcho.yara"
include "RomeoFoxtrot.yara"
include "RomeoGolf.yara"
include "RomeoHotel.yara"
include "RomeoWhiskey.yara"

// Spreaders
include "SierraAlfa.yara"
include "SierraBravo.yara"
include "SierraCharlie.yara"
include "SierraJuliettMikeOne.yara"
include "SierraJuliettMikeTwo.yara"

// Tools
include "TangoAlfa.yara"
include "TangoBravo.yara"

// Uninstallers
include "UniformAlfa.yara"
include "UniformJuliett.yara"

// Wipers
include "WhiskeyAlfa.yara"
include "WhiskeyBravo.yara"
include "WhiskeyCharlie.yara"
include "WhiskeyDelta.yara"


// feature detection signatures  -- these are error prone
include "general.yara"
include "sharedcode.yara"
include "suicidescripts.yara"

// CERT signatures -- low confidence in these
include "cert_wiper.yara"