Commit 747c3689 by mmorenog Committed by GitHub

Update APT_Danti_svcmondr.yar

parent a2f56a59
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
/* Rule Set ----------------------------------------------------------------- */ /* Rule Set ----------------------------------------------------------------- */
rule Mal_Dropper_httpEXE_from_CAB { rule Mal_Dropper_httpEXE_from_CAB : Dropper {
meta: meta:
description = "Detects a dropper from a CAB file mentioned in the article" description = "Detects a dropper from a CAB file mentioned in the article"
author = "Florian Roth" author = "Florian Roth"
...@@ -28,7 +28,7 @@ rule Mal_Dropper_httpEXE_from_CAB { ...@@ -28,7 +28,7 @@ rule Mal_Dropper_httpEXE_from_CAB {
( uint16(0) == 0x5a4d and filesize < 1000KB and ( all of ($s*) ) ) ( uint16(0) == 0x5a4d and filesize < 1000KB and ( all of ($s*) ) )
} }
rule Mal_http_EXE { rule Mal_http_EXE : Trojan {
meta: meta:
description = "Detects trojan from APT report named http.exe" description = "Detects trojan from APT report named http.exe"
author = "Florian Roth" author = "Florian Roth"
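Review bot: The tags added on the two rule headers (`Dropper` on `Mal_Dropper_httpEXE_from_CAB`, `Trojan` on `Mal_http_EXE`) are not documented anywhere in the visible part of the file, and YARA matches tags case-sensitively, so a tag-filtered scan only selects these rules if it uses exactly this spelling. The other rule sets are not visible here, so it is worth confirming that they use the same capitalisation and vocabulary; a mismatch such as `dropper` elsewhere would silently split detection coverage when scanning by tag. I would record the convention next to the rule-set banner, for example `/* Tags: Dropper, Trojan (malware type; case-sensitive when filtering by tag) */`. Both rule bodies continue outside the hunks shown, so the strings and the second rule's condition were not reviewed.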
......