From a39be6d1acf7bb0c901fb0077fccd6862b5a95b7 Mon Sep 17 00:00:00 2001
From: mmorenog <mmorenog@users.noreply.github.com>
Date: Thu, 21 Jul 2016 15:18:55 +0200
Subject: [PATCH] Rename PittyTiger.yar to MALW_PittyTiger.yar
---
malware/MALW_PittyTiger.yar | 21 +++++++++++++++++++++
malware/PittyTiger.yar | 21 ---------------------
2 files changed, 21 insertions(+), 21 deletions(-)
create mode 100644 malware/MALW_PittyTiger.yar
delete mode 100644 malware/PittyTiger.yar
diff --git a/malware/MALW_PittyTiger.yar b/malware/MALW_PittyTiger.yar
new file mode 100644
index 0000000..6295070
--- /dev/null
+++ b/malware/MALW_PittyTiger.yar
@@ -0,0 +1,21 @@
+rule PittyTiger {
+ meta:
+ author = " (@chort0)"
+ description = "Detect PittyTiger Trojan via common strings"
+ strings:
+ $ptUserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.; SV1)" // missing minor digit
+ $ptFC001 = "FC001" fullword
+ $ptPittyTiger = "PittyTiger" fullword
+ $trjHTMLerr = "trj:HTML Err." nocase fullword
+ $trjworkFunc = "trj:workFunc start." nocase fullword
+ $trjcmdtout = "trj:cmd time out." nocase fullword
+ $trjThrtout = "trj:Thread time out." nocase fullword
+ $trjCrPTdone = "trj:Create PT done." nocase fullword
+ $trjCrPTerr = "trj:Create PT error: mutex already exists." nocase fullword
+ $oddPippeFailed = "Create Pippe Failed!" fullword // extra 'p'
+ $oddXferingFile = "Transfering File" fullword // missing 'r'
+ $oddParasError = "put Paras Error:" fullword // abbreviated 'parameters'?
+ $oddCmdTOutkilled = "Cmd Time Out..Cmd has been killed." fullword
+condition:
+ (any of ($pt*)) and (any of ($trj*)) and (any of ($odd*))
+ }
diff --git a/malware/PittyTiger.yar b/malware/PittyTiger.yar
deleted file mode 100644
index 6295070..0000000
--- a/malware/PittyTiger.yar
+++ /dev/null
@@ -1,21 +0,0 @@
-rule PittyTiger {
- meta:
- author = " (@chort0)"
- description = "Detect PittyTiger Trojan via common strings"
- strings:
- $ptUserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.; SV1)" // missing minor digit
- $ptFC001 = "FC001" fullword
- $ptPittyTiger = "PittyTiger" fullword
- $trjHTMLerr = "trj:HTML Err." nocase fullword
- $trjworkFunc = "trj:workFunc start." nocase fullword
- $trjcmdtout = "trj:cmd time out." nocase fullword
- $trjThrtout = "trj:Thread time out." nocase fullword
- $trjCrPTdone = "trj:Create PT done." nocase fullword
- $trjCrPTerr = "trj:Create PT error: mutex already exists." nocase fullword
- $oddPippeFailed = "Create Pippe Failed!" fullword // extra 'p'
- $oddXferingFile = "Transfering File" fullword // missing 'r'
- $oddParasError = "put Paras Error:" fullword // abbreviated 'parameters'?
- $oddCmdTOutkilled = "Cmd Time Out..Cmd has been killed." fullword
-condition:
- (any of ($pt*)) and (any of ($trj*)) and (any of ($odd*))
- }
-- libgit2 0.26.0