Update RAT_PolishBankRAT.yar

3bbd9c8c · mmorenog · GitHub · 36bbd7ed · 3bbd9c8c
Commit 3bbd9c8c authored Mar 07, 2017 by mmorenog Committed by GitHub Mar 07, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

RAT_PolishBankRAT.yar malware/RAT_PolishBankRAT.yar +4 -4

No files found.
--- a/malware/RAT_PolishBankRAT.yar
+++ b/malware/RAT_PolishBankRAT.yar
 rule PolishBankRATsrservice_xorloop { 
 meta: 
-author = “Booz Allen Hamilton Dark Labs” 
+author = "Booz Allen Hamilton Dark Labs"
 description = “Finds the custom xor decode loop for <PolishBankRAT-srservice>” 
 strings:

@@ -25,7 +25,7 @@ condition:

 rule PolishBankRATfdsvc_decode2 { 
 meta: 
-author = “Booz Allen Hamilton Dark Labs” 
+author = "Booz Allen Hamilton Dark Labs" 
 description = “Find a constant used as part of a payload decoding function in PolishBankRAT-fdsvc”

 strings: 
@@ -45,8 +45,8 @@ condition:

 rule decoded_PolishBankRATfdsvc_strings { 
 meta: 
-author = “Booz Allen Hamilton Dark Labs” 
-description = “Finds hard coded strings in PolishBankRAT-fdsvc”
+author = "Booz Allen Hamilton Dark Labs"
+description = "Finds hard coded strings in PolishBankRAT-fdsvc"

 strings: