Skip to content

R
rules
Commit 589957d4 by j0sm1
Options

Added tags 

Added tags
parent 00006663
Showing with 8 additions and 4 deletions
malware/Anthem_DeepPanda.yar
...@@ -7,7 +7,8 @@ import "pe" ...@@ -7,7 +7,8 @@ import "pe"
/* Anthem Deep Panda APT */ /* Anthem Deep Panda APT */
rule Anthem_DeepPanda_sl_txt_packed { rule Anthem_DeepPanda_sl_txt_packed : binary
{
meta: meta:
description = "Anthem Hack Deep Panda - ScanLine sl-txt-packed" description = "Anthem Hack Deep Panda - ScanLine sl-txt-packed"
author = "Florian Roth" author = "Florian Roth"
...@@ -26,7 +27,8 @@ rule Anthem_DeepPanda_sl_txt_packed { ...@@ -26,7 +27,8 @@ rule Anthem_DeepPanda_sl_txt_packed {
all of them all of them
} }
rule Anthem_DeepPanda_lot1 { rule Anthem_DeepPanda_lot1 : binary
{
meta: meta:
description = "Anthem Hack Deep Panda - lot1.tmp-pwdump" description = "Anthem Hack Deep Panda - lot1.tmp-pwdump"
author = "Florian Roth" author = "Florian Roth"
...@@ -51,7 +53,8 @@ rule Anthem_DeepPanda_lot1 { ...@@ -51,7 +53,8 @@ rule Anthem_DeepPanda_lot1 {
10 of them 10 of them
} }
rule Anthem_DeepPanda_htran_exe { rule Anthem_DeepPanda_htran_exe : binary
{
meta: meta:
description = "Anthem Hack Deep Panda - htran-exe" description = "Anthem Hack Deep Panda - htran-exe"
author = "Florian Roth" author = "Florian Roth"
...@@ -80,7 +83,8 @@ rule Anthem_DeepPanda_htran_exe { ...@@ -80,7 +83,8 @@ rule Anthem_DeepPanda_htran_exe {
10 of them 10 of them
} }
rule Anthem_DeepPanda_Trojan_Kakfum { rule Anthem_DeepPanda_Trojan_Kakfum : binary
{
meta: meta:
description = "Anthem Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll" description = "Anthem Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll"
author = "Florian Roth" author = "Florian Roth"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment