Commit 679aabd7 by mmorenog Committed by GitHub

Update APT_Irontiger_Trendmicro.yar

parent 090955f4
...@@ -159,7 +159,7 @@ rule IronTiger_GTalk_Trojan ...@@ -159,7 +159,7 @@ rule IronTiger_GTalk_Trojan
uint16(0) == 0x5a4d and (2 of ($str*)) uint16(0) == 0x5a4d and (2 of ($str*))
} }
rule IronTiger_HTTPBrowser_Dropper rule IronTiger_HTTPBrowser_Dropper : Dropper
{ {
meta: meta:
author = "Cyber Safety Solutions, Trend Micro" author = "Cyber Safety Solutions, Trend Micro"
...@@ -189,7 +189,7 @@ rule IronTiger_HTTP_SOCKS_Proxy_soexe ...@@ -189,7 +189,7 @@ rule IronTiger_HTTP_SOCKS_Proxy_soexe
uint16(0) == 0x5a4d and (3 of ($str*)) uint16(0) == 0x5a4d and (3 of ($str*))
} }
rule IronTiger_NBDDos_Gh0stvariant_dropper rule IronTiger_NBDDos_Gh0stvariant_dropper : Dropper
{ {
meta: meta:
author = "Cyber Safety Solutions, Trend Micro" author = "Cyber Safety Solutions, Trend Micro"
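Review bot: The `Dropper` tag is added only to IronTiger_HTTPBrowser_Dropper and IronTiger_NBDDos_Gh0stvariant_dropper, while the hunk headers show the neighbouring rules (`rule IronTiger_GTalk_Trojan`, `rule IronTiger_HTTP_SOCKS_Proxy_soexe`) declared without any tag. YARA tags are case-sensitive and do not change matching, only how hits are reported and filtered, so a scan restricted with `-t Dropper` would presumably leave out every untagged rule in this file. Consider tagging the remaining rules in the same commit (for example `rule IronTiger_GTalk_Trojan : Trojan`) or stating the tag convention in a comment at the top of the file, so that tag-filtered runs do not silently narrow coverage. Both changed rules continue past the visible hunks, so their strings and conditions could not be checked here.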