Skip to content

R
rules
Commit 527f46f1 by mmorenog Committed by GitHub
Options

Update APT_RAT_ShimRat.yar

parent f8c95975
Showing with 2 additions and 2 deletions
malware/APT_RAT_ShimRat.yar
rule shimrat rule shimrat: RAT
{ {
meta: meta:
description = "Detects ShimRat and the ShimRat loader" description = "Detects ShimRat and the ShimRat loader"
...@@ -26,7 +26,7 @@ rule shimrat ...@@ -26,7 +26,7 @@ rule shimrat
($dll and $dat and $headersig and $datasig) or ($datamarker1 and $datamarker2) or ($cmdlineformat and $demoproject_keyword1 and $demoproject_keyword2 and $comspec) or ($dll and $dat and $shim_func1 and $shim_func2 and $shim_func3) ($dll and $dat and $headersig and $datasig) or ($datamarker1 and $datamarker2) or ($cmdlineformat and $demoproject_keyword1 and $demoproject_keyword2 and $comspec) or ($dll and $dat and $shim_func1 and $shim_func2 and $shim_func3)
} }
rule shimratreporter rule shimratreporter: RAT
{ {
meta: meta:
description = "Detects ShimRatReporter" description = "Detects ShimRatReporter"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment