Update IndiaJuliett.yara

7747d094 · mmorenog · b7682be4 · 7747d094
Commit 7747d094 authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 15 deletions

IndiaJuliett.yara malware/Operation_Blockbuster/IndiaJuliett.yara +1 -15

No files found.
--- a/malware/Operation_Blockbuster/IndiaJuliett.yara
+++ b/malware/Operation_Blockbuster/IndiaJuliett.yara
@@ -48,21 +48,7 @@ rule IndiaJuliett
 			81 C6 00 28 00 00  add     esi, 2800h
 		*/
-		$writeFile = {
+		$writeFile = {68 00 28 00 00 5?	E8 [4-7] 8D [3] 6A 00 5? 68 00 28 00 00 5? 5? FF 15 [4] 81 ?? 00 28 00 00 81 ?? 00 28 00 00 81 ?? 00 28 00 00}
-				68 00 28 00 00 
-				5? 
-				E8 [4-7] 
-				8D [3] 
-				6A 00 
-				5? 
-				68 00 28 00 00 
-				5? 
-				5? 
-				FF 15 [4] 
-				81 ?? 00 28 00 00 
-				81 ?? 00 28 00 00 
-				81 ?? 00 28 00 00 
-			}
 	condition:
 		($configFilename in ((pe.sections[pe.section_index(".data")].raw_data_offset)..(pe.sections[pe.section_index(".data")].raw_data_offset + pe.sections[pe.section_index(".data")].raw_data_size)) or