Update and rename APT_Irontiger_Trendmicro.yar to APT_Irontiger.yar

19c2d036 · mmorenog · GitHub · 0d24c4f4 · 19c2d036
Commit 19c2d036 authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

APT_Irontiger.yar malware/APT_Irontiger.yar +6 -6

No files found.
--- a/malware/APT_Irontiger_Trendmicro.yar
+++ b/malware/APT_Irontiger_Trendmicro.yar
@@ -16,7 +16,7 @@ rule IronTiger_ASPXSpy
 		any of ($str*)
 }

-rule IronTiger_ChangePort_Toolkit_driversinstall
+rule IronTiger_ChangePort_Toolkit_driversinstall : driver 
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"
@@ -31,7 +31,7 @@ rule IronTiger_ChangePort_Toolkit_driversinstall
 		uint16(0) == 0x5a4d and (2 of ($str*))
 }

-rule IronTiger_ChangePort_Toolkit_ChangePortExe
+rule IronTiger_ChangePort_Toolkit_ChangePortExe : Toolkit
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"
@@ -47,7 +47,7 @@ rule IronTiger_ChangePort_Toolkit_ChangePortExe
 		uint16(0) == 0x5a4d and (2 of ($str*))
 }

-rule IronTiger_dllshellexc2010
+rule IronTiger_dllshellexc2010 : Backdoor
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"
@@ -63,7 +63,7 @@ rule IronTiger_dllshellexc2010
 		(uint16(0) == 0x5a4d) and ((any of ($str*)) or (all of ($bla*)))
 }

-rule IronTiger_dnstunnel
+rule IronTiger_dnstunnel : Tunnel
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"
@@ -83,7 +83,7 @@ rule IronTiger_dnstunnel
 		(uint16(0) == 0x5a4d) and ((any of ($str*)) or (any of ($mistake*)))
 }

-rule IronTiger_EFH3_encoder
+rule IronTiger_EFH3_encoder : Encoder
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"
@@ -144,7 +144,7 @@ rule IronTiger_Gh0stRAT_variant
 		uint16(0) == 0x5a4d and (any of ($str*))
 }

-rule IronTiger_GTalk_Trojan
+rule IronTiger_GTalk_Trojan : trojan
 {
 	meta:
 		author = "Cyber Safety Solutions, Trend Micro"