Updating indexes.

Antidebug_AntiVM_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
 include "./Antidebug_AntiVM/antidebug_antivm.yar"

CVE_Rules_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
+include "./CVE_Rules/CVE-2010-0805.yar"
 include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
 include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
+include "./CVE_Rules/CVE-2012-0158.yar"
+include "./CVE_Rules/CVE-2013-0074.yar"
 include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
+include "./CVE_Rules/CVE-2015-1701.yar"
+include "./CVE_Rules/CVE-2015-2426.yar"
+include "./CVE_Rules/CVE-2015-2545.yar"
 include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
 include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
+include "./CVE_Rules/CVE-2017-11882.yar"
+include "./CVE_Rules/CVE-2018-4878.yar"

Crypto_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
 include "./Crypto/crypto_signatures.yar"

Exploit-Kits_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
 include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Zeus.yar"
+include "./Exploit-Kits/EK_Blackhole.yar"
+include "./Exploit-Kits/EK_BleedingLife.yar"
 include "./Exploit-Kits/EK_Crimepack.yar"
+include "./Exploit-Kits/EK_Eleonore.yar"
+include "./Exploit-Kits/EK_Fragus.yar"
 include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
+include "./Exploit-Kits/EK_Sakura.yar"
+include "./Exploit-Kits/EK_ZeroAcces.yar"
 include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
+include "./Exploit-Kits/EK_Zeus.yar"

Malicious_Documents_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
+include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
+include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
+include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
+include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
+include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
+include "./Malicious_Documents/Maldoc_DDE.yar"
 include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
+include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
 include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
+include "./Malicious_Documents/Maldoc_PDF.yar"
 include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
+include "./Malicious_Documents/Maldoc_UserForm.yar"
 include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
+include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
 include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
 include "./Malicious_Documents/maldoc_somerules.yar"

Mobile_Malware_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
-include "./Mobile_Malware/Android_Switcher.yar"
-include "./Mobile_Malware/Android_Dendroid_RAT.yar"
-include "./Mobile_Malware/Android_Spywaller.yar"
-include "./Mobile_Malware/Android_Malware_Towelroot.yar"
-include "./Mobile_Malware/Android_pornClicker.yar"
+include "./Mobile_Malware/Android_ASSDdeveloper.yar"
+include "./Mobile_Malware/Android_AVITOMMS.yar"
+include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
+include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
+include "./Mobile_Malware/Android_Backdoor.yar"
+include "./Mobile_Malware/Android_Backdoor_script.yar"
+include "./Mobile_Malware/Android_BadMirror.yar"
 include "./Mobile_Malware/Android_Banker_Acecard.yar"
-include "./Mobile_Malware/Android_mapin.yar"
-include "./Mobile_Malware/Android_Polish_Bankbot.yar"
-include "./Mobile_Malware/Android_SlemBunk.yar"
+include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
+include "./Mobile_Malware/Android_Clicker_G.yar"
+include "./Mobile_Malware/Android_Copy9.yar"
+include "./Mobile_Malware/Android_DeathRing.yar"
+include "./Mobile_Malware/Android_Dectus_rswm.yar"
+include "./Mobile_Malware/Android_Dendroid_RAT.yar"
+include "./Mobile_Malware/Android_Dogspectus.yar"
+include "./Mobile_Malware/Android_FakeApps.yar"
 include "./Mobile_Malware/Android_FakeBank_Fanta.yar"
+include "./Mobile_Malware/Android_Godless.yar"
+include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
+include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
+include "./Mobile_Malware/Android_MalwareCertificates.yar"
+include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
+include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
+include "./Mobile_Malware/Android_Malware_Towelroot.yar"
 include "./Mobile_Malware/Android_Marcher_2.yar"
-include "./Mobile_Malware/Android_VirusPolicia.yar"
-include "./Mobile_Malware/Android_VikingOrder.yar"
-include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
+include "./Mobile_Malware/Android_MazarBot_z.yar"
+include "./Mobile_Malware/Android_Metasploit.yar"
 include "./Mobile_Malware/Android_Metasploit_Payload.yar"
-include "./Mobile_Malware/Android_RuMMS.yar"
+include "./Mobile_Malware/Android_OmniRat.yar"
 include "./Mobile_Malware/Android_Overlayer.yar"
-include "./Mobile_Malware/Android_malware_xbot007.yar"
-include "./Mobile_Malware/Android_Triada_Banking.yar"
-include "./Mobile_Malware/Android_malware_Dropper.yar"
+include "./Mobile_Malware/Android_Pink_Locker.yar"
+include "./Mobile_Malware/Android_Polish_Bankbot.yar"
+include "./Mobile_Malware/Android_RuMMS.yar"
 include "./Mobile_Malware/Android_SMSFraud.yar"
-include "./Mobile_Malware/Android_Dectus_rswm.yar"
 include "./Mobile_Malware/Android_SandroRat.yar"
-include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
-include "./Mobile_Malware/Android_malware_banker.yar"
-include "./Mobile_Malware/Android_malware_SMSsender.yar"
-include "./Mobile_Malware/Android_Backdoor_script.yar"
-include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
-include "./Mobile_Malware/Android_malware_HackingTeam.yar"
-include "./Mobile_Malware/Android_MalwareCertificates.yar"
-include "./Mobile_Malware/Android_DeathRing.yar"
-include "./Mobile_Malware/Android_Metasploit.yar"
-include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
-include "./Mobile_Malware/Android_Clicker_G.yar"
-include "./Mobile_Malware/Android_BadMirror.yar"
-include "./Mobile_Malware/Android_Tachi.yar"
+include "./Mobile_Malware/Android_SlemBunk.yar"
 include "./Mobile_Malware/Android_SpyAgent.yar"
-include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
-include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
-include "./Mobile_Malware/Android_Trojan_Droidjack.yar"
-include "./Mobile_Malware/Android_MazarBot_z.yar"
-include "./Mobile_Malware/Android_sk_bankTr.yar"
-include "./Mobile_Malware/Android_AVITOMMS.yar"
+include "./Mobile_Malware/Android_SpyNote.yar"
 include "./Mobile_Malware/Android_Spynet.yar"
+include "./Mobile_Malware/Android_Spywaller.yar"
+include "./Mobile_Malware/Android_Switcher.yar"
+include "./Mobile_Malware/Android_Tachi.yar"
+include "./Mobile_Malware/Android_Tempting_Cedar_Spyware.yar"
 include "./Mobile_Malware/Android_Tordow.yar"
-include "./Mobile_Malware/Android_FakeApps.yar"
-include "./Mobile_Malware/Android_Godless.yar"
-include "./Mobile_Malware/Android_Backdoor.yar"
-include "./Mobile_Malware/Android_Dogspectus.yar"
-include "./Mobile_Malware/Android_Copy9.yar"
-include "./Mobile_Malware/Android_SpyNote.yar"
-include "./Mobile_Malware/Android_malware_Advertising.yar"
-include "./Mobile_Malware/Android_adware.yar"
+include "./Mobile_Malware/Android_Triada_Banking.yar"
 include "./Mobile_Malware/Android_Trojan_Dendroid.yar"
-include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
+include "./Mobile_Malware/Android_Trojan_Droidjack.yar"
+include "./Mobile_Malware/Android_VikingOrder.yar"
+include "./Mobile_Malware/Android_VirusPolicia.yar"
+include "./Mobile_Malware/Android_adware.yar"
 include "./Mobile_Malware/Android_generic_adware.yar"
 include "./Mobile_Malware/Android_generic_smsfraud.yar"
-include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
-include "./Mobile_Malware/Android_ASSDdeveloper.yar"
-include "./Mobile_Malware/Android_OmniRat.yar"
-include "./Mobile_Malware/Android_Pink_Locker.yar"
+include "./Mobile_Malware/Android_malware_Advertising.yar"
 include "./Mobile_Malware/Android_malware_ChinesePorn.yar"
+include "./Mobile_Malware/Android_malware_Dropper.yar"
+include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
+include "./Mobile_Malware/Android_malware_HackingTeam.yar"
+include "./Mobile_Malware/Android_malware_SMSsender.yar"
+include "./Mobile_Malware/Android_malware_banker.yar"
+include "./Mobile_Malware/Android_malware_xbot007.yar"
+include "./Mobile_Malware/Android_mapin.yar"
+include "./Mobile_Malware/Android_pornClicker.yar"
+include "./Mobile_Malware/Android_sk_bankTr.yar"

Packers_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
 include "./Packers/JJencode.yar"
-include "./Packers/packer.yar"
-include "./Packers/peid.yar"
 include "./Packers/Javascript_exploit_and_obfuscation.yar"
+include "./Packers/packer.yar"
 include "./Packers/packer_compiler_signatures.yar"
+include "./Packers/peid.yar"

Webshells_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
+include "./Webshells/WShell_APT_Laudanum.yar"
 include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
 include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/Wshell_fire2013.yar"
 include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/WShell_APT_Laudanum.yar"
+include "./Webshells/Wshell_ChineseSpam.yar"
+include "./Webshells/Wshell_fire2013.yar"

email_index.yar

 /*
 Generated by Yara-Rules
-On 06-02-2018
+On 02-06-2018
 */
 include "./email/EMAIL_Cryptowall.yar"
-include "./email/image.yar"
-include "./email/scam.yar"
 include "./email/attachment.yar"
-include "./email/urls.yar"
 include "./email/bank_rule.yar"
 include "./email/email_Ukraine_BE_powerattack.yar"
+include "./email/image.yar"
+include "./email/scam.yar"
+include "./email/urls.yar"

index_gen.sh

@@ -24,17 +24,17 @@ function gen_index {
             AVOID+="|Mobile"
         fi
         if [ $OS == "Darwin" ]; then
-            find -E $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
+            find -E $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | sort | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
         else
             # Linux version and potentialy Cygwin
-            find $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
+            find $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | sort | awk '{print "include \"" $0 "\""}' >> $IDX_NAME
         fi
     else
         if [ $OS == "Darwin" ]; then
-            find -E $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
+            find -E $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | sort | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
         else
             # Linux version and potentialy Cygwin
-            find $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
+            find $BASE -regex ".*\.yara?" | grep -vE "$AVOID" | sort | awk '{print "include \"./" $0 "\""}' >> $IDX_NAME
         fi
     fi
 }