Update SierraBravo.yara

ae3a1f9f · mmorenog · 52d63110 · ae3a1f9f
Commit ae3a1f9f authored Feb 25, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 12 deletions

SierraBravo.yara malware/Operation_Blockbuster/SierraBravo.yara +1 -12

No files found.
--- a/malware/Operation_Blockbuster/SierraBravo.yara
+++ b/malware/Operation_Blockbuster/SierraBravo.yara
@@ -33,18 +33,7 @@ rule SierraBravo_Two
 		.text:10003721                 mov     word ptr [ebx+29h], 4104h
 		.text:10003727                 mov     word ptr [ebx+2Bh], 32h
 		*/
-		$smbComNegotiationPacketGen = { 66 C7 ?? 0E 07 C8 
-																		[0-32]
-																		C7 ?? 39 D4 00 00 80 
-																		[0-32]
-																		66 C7 ?? 25 FF 00 
-																		[0-32]
-																		66 C7 ?? 27 A4 00 
-																		[0-32]
-																		66 C7 ?? 29 04 41 
-																		[0-32]
-																		66 C7 ?? 2B 32 00
-																	}
+		$smbComNegotiationPacketGen = { 66 C7 ?? 0E 07 C8 [0-32] C7 ?? 39 D4 00 00 80 [0-32] 66 C7 ?? 25 FF 00 [0-32] 66 C7 ?? 27 A4 00 [0-32]	66 C7 ?? 29 04 41 [0-32] 66 C7 ?? 2B 32 00}

 		$lib = "!emCFgv7Xc8ItaVGN0bMf"
 		$api1 = "!ctRHFEX5m9JnZdDfpK"