Skip to content

R
rules
Commit 4730d03e by mmorenog Committed by GitHub
Options

Update APT_Sofacy_Fysbis.yar

parent ea6263bf
Showing with 2 additions and 2 deletions
malware/APT_Sofacy_Fysbis.yar
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
Identifier: Sofacy Fysbis Identifier: Sofacy Fysbis
*/ */
rule Sofacy_Fybis_ELF_Backdoor_Gen1 { rule Sofacy_Fybis_ELF_Backdoor_Gen1 : Sofacy Linux Backdoor APT APT28 {
meta: meta:
description = "Detects Sofacy Fysbis Linux Backdoor_Naikon_APT_Sample1" description = "Detects Sofacy Fysbis Linux Backdoor_Naikon_APT_Sample1"
author = "Florian Roth" author = "Florian Roth"
...@@ -34,7 +34,7 @@ rule Sofacy_Fybis_ELF_Backdoor_Gen1 { ...@@ -34,7 +34,7 @@ rule Sofacy_Fybis_ELF_Backdoor_Gen1 {
( 1 of ($x*) and 3 of ($s*) ) ( 1 of ($x*) and 3 of ($s*) )
} }
rule Sofacy_Fysbis_ELF_Backdoor_Gen2 { rule Sofacy_Fysbis_ELF_Backdoor_Gen2 : Sofacy Linux Backdoor APT APT28 {
meta: meta:
description = "Detects Sofacy Fysbis Linux Backdoor" description = "Detects Sofacy Fysbis Linux Backdoor"
author = "Florian Roth" author = "Florian Roth"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment