Commit 02c6be57 authored Jul 20, 2016 by mmorenog
Committed by GitHub Jul 20, 2016
Update and rename APT_threatgroup_3390.yar to APT_ThreatGroup_3390.yar
parent 5d3c5f98
Showing 1 changed file with 8 additions and 8 deletions
malware/APT_threatgroup_3390.yar → malware/APT_ThreatGroup_3390.yar
...
...
@@ -9,7 +9,7 @@
Identifier: Threat Group 3390
*/
rule HttpBrowser_RAT_dropper_Gen1 {
rule HttpBrowser_RAT_dropper_Gen1
: RAT Dropper APT
{
meta:
description = "Threat Group 3390 APT Sample - HttpBrowser RAT Dropper"
author = "Florian Roth"
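Review bot: The tag list added to the rule line (`: RAT Dropper APT`) starts a tag vocabulary that is documented nowhere in this change, and the commit message mentions only the update and rename. YARA tags are case-sensitive, so a scan filtered on `apt` or `dropper` will not select this rule. Suggest listing the permitted tags, with their exact spelling, in the header comment that closes just above this rule, and mentioning the tagging in the commit message.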
...
...
@@ -49,7 +49,7 @@ rule HttpBrowser_RAT_dropper_Gen1 {
uint16(0) == 0x5a4d and filesize < 400KB and all of ($x*) and 1 of ($op*)
}
rule HttpBrowser_RAT_Sample1 {
rule HttpBrowser_RAT_Sample1
: RAT APT
{
meta:
description = "Threat Group 3390 APT Sample - HttpBrowser RAT Sample update.hancominc.com"
author = "Florian Roth"
...
...
@@ -64,7 +64,7 @@ rule HttpBrowser_RAT_Sample1 {
uint16(0) == 0x5a4d and filesize < 100KB and $s0
}
rule HttpBrowser_RAT_Sample2 {
rule HttpBrowser_RAT_Sample2
: RAT APT
{
meta:
description = "Threat Group 3390 APT Sample - HttpBrowser RAT Sample"
author = "Florian Roth"
...
...
@@ -81,7 +81,7 @@ rule HttpBrowser_RAT_Sample2 {
uint16(0) == 0x5a4d and filesize < 250KB and all of them
}
rule HttpBrowser_RAT_Gen {
rule HttpBrowser_RAT_Gen
: RAT APT
{
meta:
description = "Threat Group 3390 APT Sample - HttpBrowser RAT Generic"
author = "Florian Roth"
...
...
@@ -119,7 +119,7 @@ rule HttpBrowser_RAT_Gen {
uint16(0) == 0x5a4d and filesize < 45KB and filesize > 20KB and all of them
}
rule PlugX_NvSmartMax_Gen {
rule PlugX_NvSmartMax_Gen
: PlugX APT
{
meta:
description = "Threat Group 3390 APT Sample - PlugX NvSmartMax Generic"
author = "Florian Roth"
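Review bot: The tags on `PlugX_NvSmartMax_Gen` (`: PlugX APT`) name a malware family, while the HttpBrowser rules in this same change are tagged by category (`: RAT APT`) and carry no family tag. Mixing the two schemes makes tag-based selection uneven across the file: a filter on the category tag returns the HttpBrowser rules but not this one. Suggest settling on one scheme, either family plus category on every rule or category only, and applying it to all eight rules.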
...
...
@@ -147,7 +147,7 @@ rule PlugX_NvSmartMax_Gen {
uint16(0) == 0x5a4d and filesize < 800KB and all of ($s*) and 1 of ($op*)
}
rule HttpBrowser_RAT_dropper_Gen2 {
rule HttpBrowser_RAT_dropper_Gen2
: Dropper RAT
{
meta:
description = "Threat Group 3390 APT Sample - HttpBrowser RAT Dropper"
author = "Florian Roth"
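Review bot: The tag list on `HttpBrowser_RAT_dropper_Gen2` is `: Dropper RAT`, but `HttpBrowser_RAT_dropper_Gen1`, which has the same description string, gets `: RAT Dropper APT`. With `APT` missing here, a run restricted to that tag (`yara -t APT`) reports Gen1 matches and silently omits Gen2 matches. Suggest `: RAT Dropper APT` on this rule as well, keeping the same tag order as Gen1.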
...
...
@@ -174,7 +174,7 @@ rule HttpBrowser_RAT_dropper_Gen2 {
uint16(0) == 0x5a4d and filesize < 400KB and 3 of ($s*) and 1 of ($op*)
}
rule ThreatGroup3390_Strings {
rule ThreatGroup3390_Strings
: APT
{
meta:
description = "Threat Group 3390 APT - Strings"
author = "Florian Roth"
...
...
@@ -191,7 +191,7 @@ rule ThreatGroup3390_Strings {
1 of them and filesize < 30KB
}
rule ThreatGroup3390_C2 {
rule ThreatGroup3390_C2
: C2 APT
{
meta:
description = "Threat Group 3390 APT - C2 Server"
author = "Florian Roth"
...
...