Update APT_Pipcreat.yar

1c258b83 · Marc Rivero López · GitHub · 81067e0f · 1c258b83
Commit 1c258b83 authored Jan 23, 2017 by Marc Rivero López Committed by GitHub Jan 23, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletions

APT_Pipcreat.yar malware/APT_Pipcreat.yar +4 -1

No files found.
--- a/malware/APT_Pipcreat.yar
+++ b/malware/APT_Pipcreat.yar
@@ -3,7 +3,9 @@

 */

-rule APT_Win_Pipcreat : pe dll backdoor { 
+rule APT_Win_Pipcreat 
+{ 
+
  meta: 
    author = "chort (@chort0)"
    description = "APT backdoor Pipcreat"
@@ -12,6 +14,7 @@ rule APT_Win_Pipcreat : pe dll backdoor {
    MD5 = "f09d832bea93cf320986b53fce4b8397" // (incorrectly?) identified as Hupigon by many AV on VT 
    Reference = "http://www.cyberengineeringservices.com/login-exe-analysis-trojan-pipcreat/"
    version = "1.0"
+
  strings: 
    $strA = "pip creat failed" wide fullword 
    $strB = "CraatePipe" ascii fullword