Modified rule LinuxElknot

Modified rule LinuxElknot Commit: d39c1bf90d8e2adbbc32f295a2b0d89c4cfd7826 Thank you @Nyx0

Modified rule LinuxElknot
Modified rule LinuxElknot Commit: d39c1bf90d8e2adbbc32f295a2b0d89c4cfd7826 Thank you @Nyx0
2688c758 · Yara Rules · 3030082a · 2688c758
Commit 2688c758 authored May 05, 2015 by Yara Rules
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

Miscelanea_Linux.yar malware/Miscelanea_Linux.yar +5 -3

No files found.
--- a/malware/Miscelanea_Linux.yar
+++ b/malware/Miscelanea_Linux.yar
@@ -42,15 +42,17 @@ rule LinuxBillGates
 rule LinuxElknot
 {
    meta:
-	author = "@benkow_"
+	Author      = "@benkow_"
-        description = "http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099"
+        Date        = "2013/12/24" 
+        Description = "Strings inside"
+        Reference   = "http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099"
    strings:
        $a = "ZN8CUtility7DeCryptEPciPKci"
 	$b = "ZN13CThreadAttack5StartEP11CCmdMessage"
    condition:
-        $a and $b
+	all of them
 }
 rule LinuxMrBlack