Update RAT_PolishBankRAT.yar

malware/RAT_PolishBankRAT.yar

-rule PolishBankRAT-srservice_xorloop { 
+rule PolishBankRATsrservice_xorloop { 
 meta: 
 author = “Booz Allen Hamilton Dark Labs” 
 description = “Finds the custom xor decode loop for <PolishBankRAT-srservice>” 
@@ -23,7 +23,7 @@ condition:
 (uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and $loop 
 }
 
-rule PolishBankRAT-fdsvc_decode2 { 
+rule PolishBankRATfdsvc_decode2 { 
 meta: 
 author = “Booz Allen Hamilton Dark Labs” 
 description = “Find a constant used as part of a payload decoding function in PolishBankRAT-fdsvc”
@@ -43,7 +43,7 @@ condition:
 (uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and all of them 
 }
 
-rule decoded_PolishBankRAT-fdsvc_strings { 
+rule decoded_PolishBankRATfdsvc_strings { 
 meta: 
 author = “Booz Allen Hamilton Dark Labs” 
 description = “Finds hard coded strings in PolishBankRAT-fdsvc”