Minor changes in metas.

malware/APT_APT17.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 rule APT17_Sample_FXSST_DLL {

malware/APT_Careto.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"
@@ -10,6 +9,7 @@ rule Careto_SGH {
 		author = "AlienVault (Alberto Ortega)"
 		description = "TheMask / Careto SGH component signature"
 		reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
+		date = "2014/02/11"
 	strings:
 		$m1 = "PGPsdkDriver" ascii wide fullword
 		$m2 = "jpeg1x32" ascii wide fullword
@@ -24,6 +24,7 @@ rule Careto_OSX_SBD {
 		author = "AlienVault (Alberto Ortega)"
 		description = "TheMask / Careto OSX component signature"
 		reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
+		date = "2014/02/11"
 	strings:
 		/* XORed "/dev/null strdup() setuid(geteuid())" */
 		$1 = {FF 16 64 0A 7E 1A 63 4D 21 4D 3E 1E 60 0F 7C 1A 65 0F 74 0B 3E 1C 7F 12}
@@ -36,6 +37,7 @@ rule Careto_CnC {
 		author = "AlienVault (Alberto Ortega)"
 		description = "TheMask / Careto CnC communication signature"
 		reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
+		date = "2014/02/11"
 	strings:
 		$1 = "cgi-bin/commcgi.cgi" ascii wide
 		$2 = "Group" ascii wide
@@ -50,6 +52,7 @@ rule Careto_CnC_domains {
 		author = "AlienVault (Alberto Ortega)"
 		description = "TheMask / Careto known command and control domains"
 		reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
+		date = "2014/02/11"
 	strings:
 		$1 = "linkconf.net" ascii wide nocase
 		$2 = "redirserver.net" ascii wide nocase

malware/APT_DeputyDog_Fexel.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"

malware/APT_Duqu2.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
+
 rule apt_duqu2_loaders {
 
 meta:
-
 	copyright = "Kaspersky Lab"
 	description = "Rule to detect Duqu 2.0 samples"
 	last_modified = "2015-06-09"
 	version = "1.0"
 
-
 strings:
-
 	$a1="{AAFFC4F0-E04B-4C7C-B40A-B45DE971E81E}" wide
 	$a2="\\\\.\\pipe\\{AAFFC4F0-E04B-4C7C-B40A-B45DE971E81E}" wide
 	$a4="\\\\.\\pipe\\{AB6172ED-8105-4996-9D2A-597B5F827501}" wide
@@ -35,30 +32,23 @@ strings:
 	$d2 = {2E 3F 41 56 3F 24 5F 42 69 6E 64 40 24 30 30 58 55 3F 24 5F 50 6D 66 5F 77 72 61 70 40 50 38 43 4C 52 ?? 40 40 41 45 58 58 5A 58 56 31 40 24 24 24 56 40 73 74 64 40 40 51 41 56 43 4C 52 ?? 40 40 40 73 74 64 40 40}
 
 condition:
-
 	( (uint16(0) == 0x5a4d) and ( (any of ($a*)) or (all of ($b*)) or (all of ($c*)) ) and filesize < 100000 )
 
 	or 
 
 	( (uint32(0) == 0xe011cfd0) and ( (any of ($a*)) or (all of ($b*)) or (all of ($c*)) or (any of ($d*)) ) and filesize < 20000000 )
-
-
 }
 
 
-
 rule apt_duqu2_drivers {
 
 meta:
-
 	copyright = "Kaspersky Lab"
 	description = "Rule to detect Duqu 2.0 drivers"
 	last_modified = "2015-06-09"
 	version = "1.0"
 
 strings:
-
-	
 	$a1="\\DosDevices\\port_optimizer" wide nocase
 	$a2="romanian.antihacker"
 	$a3="PortOptimizerTermSrv" wide
@@ -69,7 +59,5 @@ strings:
 	$b3="NdisOpenProtocolConfiguration"
 
 condition:
-
 	uint16(0) == 0x5A4D and (any of ($a*) ) and (2 of ($b*)) and filesize < 100000
-
 }

malware/APT_Hellsing.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"

malware/APT_alienspy_RAT.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 rule crime_win_rat_AlienSpy
@@ -10,7 +9,7 @@ meta:
 	author = "General Dynamics Fidelis Cybersecurity Solutions - Threat Research Team"
 	reference_1 = "www.fidelissecurity.com/sites/default/files/FTA_1015_Alienspy_FINAL.pdf"
 	reference_2 = "www.fidelissecurity.com/sites/default/files/AlienSpy-Configs2_1_2.csv"
-	date = "04-Apr-15"
+	date = "2015-04-04"
 	filetype = "Java"
 	hash_1 = "075fa0567d3415fbab3514b8aa64cfcb"
 	hash_2 = "818afea3040a887f191ee9d0579ac6ed"

malware/APT_backspace.yar

 /*
-Author: Bit Byte Bitten
-Date: 5/14/2015
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
 */
 
 rule apt_backspace{

malware/APT_c16.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"
@@ -8,9 +7,11 @@ import "pe"
 rule apt_c16_win_memory_pcclient 
 {
   meta:
-    author = "@dragonthreatlab "
+    author = "@dragonthreatlab"
     md5 = "ec532bbe9d0882d403473102e9724557"
     description = "File matching the md5 above tends to only live in memory, hence the lack of MZ header check."
+    date        = "2015/01/11" 
+    reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
   strings:
     $str1 = "Kill You" ascii
     $str2 = "%4d-%02d-%02d %02d:%02d:%02d" ascii
@@ -23,9 +24,11 @@ rule apt_c16_win_memory_pcclient
 rule apt_c16_win_disk_pcclient 
 {
   meta:
-    author = "@dragonthreatlab "
+    author = "@dragonthreatlab"
     md5 = "55f84d88d84c221437cd23cdbc541d2e"
     description = "Encoded version of pcclient found on disk"
+    date        = "2015/01/11" 
+    reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
   strings:
     $header = {51 5C 96 06 03 06 06 06 0A 06 06 06 FF FF 06 06 BE 06 06 06 06 06 06 06 46 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 EE 06 06 06 10 1F BC 10 06 BA 0D D1 25 BE 05 52 D1 25 5A 6E 6D 73 26 76 74 6F 67 74 65 71 26 63 65 70 70 6F 7A 26 64 69 26 74 79 70 26 6D 70 26 4A 4F 53 26 71 6F 6A 69 30 11 11 0C 2A 06 06 06 06 06 06 06 73 43 96 1B 37 24 00 4E 37 24 00 4E 37 24 00 4E BA 40 F6 4E 39 24 00 4E 5E 41 FA 4E 33 24 00 4E 5E 41 FC 4E 39 24 00 4E 37 24 FF 4E 0D 24 00 4E FA 31 A3 4E 40 24 00 4E DF 41 F9 4E 36 24 00 4E F6 2A FE 4E 38 24 00 4E DF 41 FC 4E 38 24 00 4E 54 6D 63 6E 37 24 00 4E 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 56 49 06 06 52 05 09 06 5D 87 8C 5A 06 06 06 06 06 06 06 06 E6 06 10 25 0B 05 08 06 06 1C 06 06 06 1A 06 06 06 06 06 06 E5 27 06 06 06 16 06 06 06 36 06 06 06 06 06 16 06 16 06 06 06 04 06 06 0A 06 06 06 06 06 06 06 0A 06 06 06 06 06 06 06 06 76 06 06 06 0A 06 06 06 06 06 06 04 06 06 06 06 06 16 06 06 16 06 06}
   condition:
@@ -38,6 +41,8 @@ rule apt_c16_win32_dropper
     author = "@dragonthreatlab"
     md5 = "ad17eff26994df824be36db246c8fb6a"
     description = "APT malware used to drop PcClient RAT"
+    date        = "2015/01/11" 
+    reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
   strings:
     $mz = {4D 5A}
     $str1 = "clbcaiq.dll" ascii
@@ -55,6 +60,8 @@ rule apt_c16_win_swisyn
     author = "@dragonthreatlab"
     md5 = "a6a18c846e5179259eba9de238f67e41"
     description = "File matching the md5 above tends to only live in memory, hence the lack of MZ header check."
+    date        = "2015/01/11" 
+    reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
   strings:
     $mz = {4D 5A}
     $str1 = "/ShowWU" ascii
@@ -68,8 +75,10 @@ rule apt_c16_win_swisyn
 rule apt_c16_win_wateringhole 
 {
   meta:
-    author = "@dragonthreatlab "
+    author = "@dragonthreatlab"
     description = "Detects code from APT wateringhole"
+    date        = "2015/01/11" 
+    reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
   strings:
     $str1 = "function runmumaa()"
     $str2 = "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String("
@@ -81,10 +90,10 @@ rule apt_c16_win_wateringhole
 rule apt_c16_win64_dropper
 {
     meta:
-        Author      = "@dragonthreatlab"
-        Date        = "2015/01/11" 
-        Description = "APT malware used to drop PcClient RAT"
-        Reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
+        author      = "@dragonthreatlab"
+        date        = "2015/01/11" 
+        description = "APT malware used to drop PcClient RAT"
+        reference   = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
 
     strings:
         $mz = { 4D 5A }

malware/Adzok_RAT.yar

+/*
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
+*/
+
 rule Adzok
 {
 	meta:

malware/Android_Malware.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"

malware/Anthem_DeepPanda.yar

 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
-
 */
 
 import "pe"