Updating index_gen.sh in terms to work correctly on Linux and Mac OS. Updating…

Updating index_gen.sh in terms to work correctly on Linux and Mac OS. Updating indices with the lasted added rules

Updating index_gen.sh in terms to work correctly on Linux and Mac OS. Updating…
Updating index_gen.sh in terms to work correctly on Linux and Mac OS. Updating indices with the lasted added rules
38852f16 · Xumeiquer · ad14fc26 · 38852f16 · 38852f16 · 38852f16
Commit 38852f16 authored Sep 09, 2016 by Xumeiquer
12 changed files
--- a/Antidebug_AntiVM_index.yar
+++ b/Antidebug_AntiVM_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Antidebug_AntiVM/antidebug_antivm.yar"
--- a/CVE_Rules_index.yar
+++ b/CVE_Rules_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./CVE_Rules/CVE-2010-0805.yar"
 include "./CVE_Rules/CVE-2010-0887.yar"

--- a/Crypto_index.yar
+++ b/Crypto_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Crypto/base64.yar"
 include "./Crypto/crypto.yar"
+include "./Crypto/crypto_signatures.yar"
--- a/Exploit-Kits_index.yar
+++ b/Exploit-Kits_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Exploit-Kits/EK_Angler.yar"
 include "./Exploit-Kits/EK_Blackhole.yar"

--- a/Malicious_Documents_index.yar
+++ b/Malicious_Documents_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
 include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"

--- a/Mobile_Malware_index.yar
+++ b/Mobile_Malware_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Mobile_Malware/Amtrckr_20160519.yar"
 include "./Mobile_Malware/Android_adware.yar"
@@ -47,6 +47,7 @@ include "./Mobile_Malware/Android_SlemBunk.yar"
 include "./Mobile_Malware/Android_SMSFraud.yar"
 include "./Mobile_Malware/Android_SpyAgent.yar"
 include "./Mobile_Malware/Android_Spynet.yar"
+include "./Mobile_Malware/Android_SpyNote.yar"
 include "./Mobile_Malware/Android_Spywaller.yar"
 include "./Mobile_Malware/Android_Tachi.yar"
 include "./Mobile_Malware/Android_Triada_Banking.yar"

--- a/Packers_index.yar
+++ b/Packers_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Packers/Javascript_exploit_and_obfuscation.yar"
 include "./Packers/JJencode.yar"
 include "./Packers/packer.yar"
+include "./Packers/packer_compiler_signatures.yar"
 include "./Packers/peid.yar"
--- a/Webshells_index.yar
+++ b/Webshells_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Webshells/WShell_APT_Laudanum.yar"
 include "./Webshells/Wshell_ChineseSpam.yar"

--- a/email_index.yar
+++ b/email_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./email/attachment.yar"
 include "./email/bank_rule.yar"

--- a/index.yar
+++ b/index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./Antidebug_AntiVM/antidebug_antivm.yar"
 include "./Crypto/base64.yar"
 include "./Crypto/crypto.yar"
+include "./Crypto/crypto_signatures.yar"
 include "./CVE_Rules/CVE-2010-0805.yar"
 include "./CVE_Rules/CVE-2010-0887.yar"
 include "./CVE_Rules/CVE-2010-1297.yar"
@@ -357,6 +358,7 @@ include "./Mobile_Malware/Android_SlemBunk.yar"
 include "./Mobile_Malware/Android_SMSFraud.yar"
 include "./Mobile_Malware/Android_SpyAgent.yar"
 include "./Mobile_Malware/Android_Spynet.yar"
+include "./Mobile_Malware/Android_SpyNote.yar"
 include "./Mobile_Malware/Android_Spywaller.yar"
 include "./Mobile_Malware/Android_Tachi.yar"
 include "./Mobile_Malware/Android_Triada_Banking.yar"
@@ -365,6 +367,7 @@ include "./Mobile_Malware/Android_VirusPolicia.yar"
 include "./Packers/Javascript_exploit_and_obfuscation.yar"
 include "./Packers/JJencode.yar"
 include "./Packers/packer.yar"
+include "./Packers/packer_compiler_signatures.yar"
 include "./Packers/peid.yar"
 include "./Webshells/WShell_APT_Laudanum.yar"
 include "./Webshells/Wshell_ChineseSpam.yar"

--- a/index_gen.sh
+++ b/index_gen.sh
@@ -2,7 +2,7 @@
 function get_folders {
    local INDECES=()
-    for folder in $(ls -F | grep -E ".*/"); do
+    for folder in $(ls -d */); do
        INDECES+="$folder "
    done
    INDECES+=". "
@@ -16,10 +16,21 @@ function gen_index {
    if [ x"$3" != x ]; then
        echo -e "/*$3*/" > $IDX_NAME
    fi
+    OS=$(uname)
    if [ x"$BASE" == x"." ]; then
-        find -E $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
+        if [ $OS == "Darwin" ]; then
+            find -E $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
+        else
+            # Linux version and potentialy Cygwin
+            find $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
+        fi
    else
-        find -E $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
+        if [ $OS == "Darwin" ]; then
+            find -E $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
+        else
+            # Linux version and potentialy Cygwin
+            find $BASE -regex ".*\.yara?" | grep -vE "_?index.yara?" | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
+        fi
    fi
 }

--- a/malware_index.yar
+++ b/malware_index.yar
 /*
 Generated by Yara-Rules
-On 29-08-2016
+On 09-09-2016
 */
 include "./malware/APT_APT1.yar"
 include "./malware/APT_APT17.yar"