Delete COZY_FANCY_BEAR_modified_VmUpgradeHelper

Delete COZY_FANCY_BEAR_modified_VmUpgradeHelper rule

malware/malware.yar

@@ -9874,22 +9874,6 @@ rule COZY_FANCY_BEAR_pagemgr_Hunt {
 	condition:
 		uint16(0) == 0x5a4d and 1 of them
 }
-
-rule COZY_FANCY_BEAR_modified_VmUpgradeHelper {
-	meta:
-		description = "Detects a malicious VmUpgradeHelper.exe as mentioned in the CrowdStrike report"
-		author = "Florian Roth"
-		reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
-		date = "2016-06-14"
-	strings:
-		$s1 = "VMware, Inc." wide fullword
-		$s2 = "Virtual hardware upgrade helper service" fullword wide
-		$s3 = "vmUpgradeHelper\\vmUpgradeHelper.pdb" ascii
-	condition:
-		uint16(0) == 0x5a4d and
-		filename == "VmUpgradeHelper.exe" and
-		not all of ($s*)
-}
 /*
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.