Skip to content

R
rules
Commit 2b745861 by Marc Rivero López Committed by GitHub
Options

Update APT_Mirage.yar

parent 68c8af64
Showing with 4 additions and 3 deletions
malware/APT_Mirage.yar
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
import "pe" import "pe"
rule MirageStrings : Mirage Family rule MirageStrings
{ {
meta: meta:
description = "Mirage Identifying Strings" description = "Mirage Identifying Strings"
...@@ -20,7 +20,7 @@ rule MirageStrings : Mirage Family ...@@ -20,7 +20,7 @@ rule MirageStrings : Mirage Family
any of them any of them
} }
rule Mirage : Family rule Mirage
{ {
meta: meta:
description = "Mirage" description = "Mirage"
...@@ -31,7 +31,7 @@ rule Mirage : Family ...@@ -31,7 +31,7 @@ rule Mirage : Family
MirageStrings MirageStrings
} }
rule Mirage_APT : APT Backdoor Rat rule Mirage_APT
{ {
meta: meta:
Author = "Silas Cutler" Author = "Silas Cutler"
...@@ -48,3 +48,4 @@ rule Mirage_APT : APT Backdoor Rat ...@@ -48,3 +48,4 @@ rule Mirage_APT : APT Backdoor Rat
condition: condition:
(($a1 or $a2) or $b) and $c (($a1 or $a2) or $b) and $c
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment