add .yar extension to Maldoc_hancitor_dropper and add to index

Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>

add .yar extension to Maldoc_hancitor_dropper and add to index
Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>
3d0cd31b · Ryan B · 84039586 · 3d0cd31b · 3d0cd31b
Commit 3d0cd31b authored Jun 29, 2020 by Ryan B
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

Maldoc_hancitor_dropper.yar maldocs/Maldoc_hancitor_dropper.yar +4 -0

maldocs_index.yar maldocs_index.yar +1 -0

No files found.
--- a/maldocs/Maldoc_hancitor_dropper
+++ b/maldocs/Maldoc_hancitor_dropper
+/*
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
+*/
 rule hancitor_dropper : vb_win32api
 {
  meta:

--- a/maldocs_index.yar
+++ b/maldocs_index.yar
@@ -11,6 +11,7 @@ include "./maldocs/Maldoc_CVE_2017_8759.yar"
 include "./maldocs/Maldoc_Contains_VBE_File.yar"
 include "./maldocs/Maldoc_DDE.yar"
 include "./maldocs/Maldoc_Dridex.yar"
+include "./maldocs/Maldoc_hancitor_dropper.yar"
 include "./maldocs/Maldoc_Hidden_PE_file.yar"
 include "./maldocs/Maldoc_MIME_ActiveMime_b64.yar"
 include "./maldocs/Maldoc_PDF.yar"