Skip to content

R
rules
Commit 03334367 by mmorenog Committed by GitHub
Options

Update Exploit_CVE_2015_2426.yar

parent fc3aad01
Showing with 2 additions and 2 deletions
malware/Exploit_CVE_2015_2426.yar
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/ */
rule Exploit_MS15_077_078 { rule Exploit_MS15_077_078: Exploit {
meta: meta:
description = "MS15-078 / MS15-077 exploit - generic signature" description = "MS15-078 / MS15-077 exploit - generic signature"
author = "Florian Roth" author = "Florian Roth"
...@@ -28,7 +28,7 @@ rule Exploit_MS15_077_078 { ...@@ -28,7 +28,7 @@ rule Exploit_MS15_077_078 {
uint16(0) == 0x5a4d and filesize < 2000KB and all of ($s*) or all of ($op*) uint16(0) == 0x5a4d and filesize < 2000KB and all of ($s*) or all of ($op*)
} }
rule Exploit_MS15_077_078_HackingTeam { rule Exploit_MS15_077_078_HackingTeam: Exploit {
meta: meta:
description = "MS15-078 / MS15-077 exploit - Hacking Team code" description = "MS15-078 / MS15-077 exploit - Hacking Team code"
author = "Florian Roth" author = "Florian Roth"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment