Update and rename Blackhole_EK.yar to EK_Blackhole.yar

00750678 · mmorenog · GitHub · ca888720 · 00750678
Commit 00750678 authored 8 years ago by mmorenog Committed by GitHub 8 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 15 deletions

EK_Blackhole.yar Exploit-Kits/EK_Blackhole.yar +15 -15

No files found.
--- a/Exploit-Kits/Blackhole_EK.yar
+++ b/Exploit-Kits/Blackhole_EK.yar
@@ -2,7 +2,7 @@
    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.

 */
-rule blackhole2_jar
+rule blackhole2_jar : EK
 {
 meta:
   author = "Josh Berry"
@@ -29,7 +29,7 @@ strings:
 condition:
   13 of them
 }
-rule blackhole2_jar2
+rule blackhole2_jar2 : EK
 {
 meta:
   author = "Josh Berry"
@@ -55,7 +55,7 @@ strings:
 condition:
   12 of them
 }
-rule blackhole2_jar3
+rule blackhole2_jar3 : EK
 {
 meta:
   author = "Josh Berry"
@@ -81,7 +81,7 @@ strings:
 condition:
   12 of them
 }
-rule blackhole2_pdf
+rule blackhole2_pdf : EK PDF
 {
 meta:
   author = "Josh Berry"
@@ -113,7 +113,7 @@ strings:
 condition:
   18 of them
 }
-rule blackhole_basic : exploit_kit
+rule blackhole_basic :  EK
 {
    strings:
        $a = /\.php\?\.*\?\:[a-zA-Z0-9\:]{6,}\&\.*\?\&/
@@ -146,7 +146,7 @@ strings:
 condition:
   12 of them
 }
-rule blackhole2_css
+rule blackhole2_css : EK
 {
 meta:
   author = "Josh Berry"
@@ -168,7 +168,7 @@ strings:
 condition:
   18 of them
 }
-rule blackhole2_htm
+rule blackhole2_htm : EK
 {
 meta:
   author = "Josh Berry"
@@ -204,7 +204,7 @@ strings:
 condition:
   14 of them
 }
-rule blackhole2_htm10
+rule blackhole2_htm10 : EK
 {
 meta:
   author = "Josh Berry"
@@ -241,7 +241,7 @@ strings:
 condition:
   15 of them
 }
-rule blackhole2_htm11
+rule blackhole2_htm11 : EK
 {
 meta:
   author = "Josh Berry"
@@ -274,7 +274,7 @@ strings:
 condition:
   11 of them
 }
-rule blackhole2_htm12
+rule blackhole2_htm12 : EK
 {
 meta:
   author = "Josh Berry"
@@ -310,7 +310,7 @@ strings:
 condition:
   14 of them
 }
-rule blackhole2_htm3
+rule blackhole2_htm3 : EK
 {
 meta:
   author = "Josh Berry"
@@ -329,7 +329,7 @@ strings:
 condition:
   3 of them
 }
-rule blackhole2_htm4
+rule blackhole2_htm4 : EK
 {
 meta:
   author = "Josh Berry"
@@ -359,7 +359,7 @@ strings:
 condition:
   8 of them
 }
-rule blackhole2_htm5
+rule blackhole2_htm5 : EK
 {
 meta:
   author = "Josh Berry"
@@ -393,7 +393,7 @@ strings:
 condition:
   12 of them
 }
-rule blackhole2_htm6
+rule blackhole2_htm6 : EK
 {
 meta:
   author = "Josh Berry"
@@ -423,7 +423,7 @@ strings:
 condition:
   8 of them
 }
-rule blackhole2_htm8
+rule blackhole2_htm8 : EK
 {
 meta:
   author = "Josh Berry"