Commit 3edf8fc3 by mmorenog

Update antidebug_antivm.yar

parent cc7d3a61
...@@ -907,7 +907,8 @@ rule inject_thread { ...@@ -907,7 +907,8 @@ rule inject_thread {
condition: condition:
$c1 and $c2 and ( $c3 or $c4 ) and ( $c5 or $c6 or $c7 ) $c1 and $c2 and ( $c3 or $c4 ) and ( $c5 or $c6 or $c7 )
} }
// Issue #101 - Commented because of High FP rate
/*
rule create_process { rule create_process {
meta: meta:
author = "x0r" author = "x0r"
...@@ -923,7 +924,10 @@ rule create_process { ...@@ -923,7 +924,10 @@ rule create_process {
condition: condition:
($f1 and $c1 ) or $f2 and ($c2 or $c3 or $c4) ($f1 and $c1 ) or $f2 and ($c2 or $c3 or $c4)
} }
*/
// Issue #101 - Commented because of High FP rate
/*
rule persistence { rule persistence {
meta: meta:
author = "x0r" author = "x0r"
...@@ -950,6 +954,7 @@ rule persistence { ...@@ -950,6 +954,7 @@ rule persistence {
condition: condition:
any of them any of them
} }
*/
rule hijack_network { rule hijack_network {
meta: meta:
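Review bot: Wrapping `create_process` and `persistence` in `/* ... */` removes both identifiers from the compiled ruleset, so any other rule or downstream consumer that references them by name will either fail to compile or silently lose that signal. It is worth compiling the whole file and searching for both names before merging. The strings sections of both rules lie outside the visible hunks, and because a YARA block comment ends at the first `*/`, a regex or string there containing that sequence would close the comment early and leave part of the rule active. For `persistence`, whose condition is `any of them`, a tighter condition (for instance `2 of them` combined with a file-type check) would likely address the false positives from Issue #101 while keeping some coverage. If the rules stay disabled, the marker could say what is needed to re-enable them, e.g. `// Issue #101 - disabled: high FP rate; re-enable once the condition is tightened`.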
......