Tags

Added new tags

malware/Adwind_JAR_PACKA.yar

@@ -2,7 +2,8 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.
 
 */
-rule Adwind_JAR_PACKA {
+rule Adwind_JAR_PACKA : binary 
+{
  meta:
   author = "Vitaly Kamluk, Vitaly.Kamluk@kaspersky.com"
   reference = "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf"

malware/Adzok_RAT.yar

@@ -2,7 +2,7 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
 */
 
-rule Adzok
+rule Adzok : binary
 {
 	meta:
 		author = " Kevin Breen <kevin@techanarchy.net>"
@@ -18,7 +18,7 @@ rule Adzok
 		$a2 = "key.classPK"
 		$a3 = "svd$1.classPK"
 		$a4 = "svd$2.classPK"
-    $a5 = "Mensaje.classPK"
+    	$a5 = "Mensaje.classPK"
 		$a6 = "inic$ShutdownHook.class"
 		$a7 = "Uninstall.jarPK"
 		$a8 = "resources/icono.pngPK"

malware/Alina.yar

@@ -2,7 +2,8 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as
     long as you use it under this license.
 */
-rule alina {
+rule alina : forensics,pcap 
+{
     meta:
         author = "Brian Wallace @botnet_hunter"
         author_email = "bwall@ballastsecurity.net"

malware/Andromeda.yar

@@ -2,7 +2,7 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as
     long as you use it under this license.
 */
-rule andromeda
+rule andromeda : binary
 {
     meta:
         author = "Brian Wallace @botnet_hunter"