1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
// Glue file for all of the different yara sigs for easier scanning
//
// copyright 2015 Novetta Solutions
// author = Novetta Threat Research & Interdiction Group - trig@novetta.com
// Content distribution
include "HotelAlfa.yara"
// Installers
include "IndiaAlfa.yara"
include "IndiaBravo.yara"
include "IndiaCharlie.yara"
include "IndiaDelta.yara"
include "IndiaEcho.yara"
include "IndiaGolf.yara"
include "IndiaHotel.yara"
include "IndiaJuliett.yara"
include "IndiaWhiskey.yara"
// Keyloggers
include "KiloAlfa.yara"
// Loaders
include "LimaAlfa.yara"
include "LimaBravo.yara"
include "LimaCharlie.yara"
include "LimaDelta.yara"
// Proxies
include "PapaAlfa.yara"
// RATs
include "RomeoAlfa.yara"
include "RomeoBravo.yara"
include "RomeoCharlie.yara"
include "RomeoDelta.yara"
include "RomeoEcho.yara"
include "RomeoFoxtrot.yara"
include "RomeoGolf.yara"
include "RomeoHotel.yara"
include "RomeoWhiskey.yara"
// Spreaders
include "SierraAlfa.yara"
include "SierraBravo.yara"
include "SierraCharlie.yara"
include "SierraJuliettMikeOne.yara"
include "SierraJuliettMikeTwo.yara"
// Tools
include "TangoAlfa.yara"
include "TangoBravo.yara"
// Uninstallers
include "UniformAlfa.yara"
include "UniformJuliett.yara"
// Wipers
include "WhiskeyAlfa.yara"
include "WhiskeyBravo.yara"
include "WhiskeyCharlie.yara"
include "WhiskeyDelta.yara"
// feature detection signatures -- these are error prone
include "general.yara"
include "sharedcode.yara"
include "suicidescripts.yara"
// CERT signatures -- low confidence in these
include "cert_wiper.yara"