Update TangoBravo.yara

5de3e211 · mmorenog · 43ebf112 · 5de3e211
Commit 5de3e211 authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 14 deletions

TangoBravo.yara malware/Operation_Blockbuster/TangoBravo.yara +1 -14

No files found.
--- a/malware/Operation_Blockbuster/TangoBravo.yara
+++ b/malware/Operation_Blockbuster/TangoBravo.yara
@@ -23,20 +23,7 @@ rule TangoBravo
 		75 E2              jnz     short loc_40110C
 	*/
-	$targetDomainCheck = {
+	$targetDomainCheck = {5? 5? FF ?? 83 C4 08 85 C0 75 ?? 8? ?? 08 01 00 00 8? ?? 08 01 00 00 4? 8B ?? 84 ?? 75  }
-			5? 
-			5? 
-			FF ?? 
-			83 C4 08 
-			85 C0 
-			75 ?? 
-			8? ?? 08 01 00 00 
-			8? ?? 08 01 00 00 
-			4? 
-			8B ?? 
-			84 ?? 
-			75  
-		}
 	condition:
 		$targetDomainCheck in ((pe.sections[pe.section_index(".text")].raw_data_offset)..(pe.sections[pe.section_index(".text")].raw_data_offset + pe.sections[pe.section_index(".text")].raw_data_size))