Skip to content

R
rules
Commit 5668b9cf by mmorenog
Options

Update DarkComet.yar

parent a558e3d6
Showing with 3 additions and 3 deletions
malware/DarkComet.yar
......@@ -5,7 +5,7 @@
import "pe"
rule DarkComet_2
rule DarkComet_1
{
meta:
description = "DarkComet RAT"
......@@ -38,7 +38,7 @@ rule DarkComet_2
4 of ($bot*) or all of ($ddos*) or all of ($keylogger*) or all of ($shell*)
}
rule DarkComet : rat
rule DarkComet_2 : rat
{
meta:
description = "DarkComet"
......@@ -97,7 +97,7 @@ rule DarkComet_Keylogger_File
condition:
($magic at 0) and #entry > 10 and #timestamp > 10
}
rule DarkComet
rule DarkComet_4
{ meta:
reference = "https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara"
strings:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment