Skip to content

R
rules
Commit b0ade30d by Yara Rules
Options

Solve problem with last commit

parent 7653bdd6
Showing with 2 additions and 3 deletions
malware/Miscelanea.yar
...@@ -1143,7 +1143,7 @@ rule DownExecute_A ...@@ -1143,7 +1143,7 @@ rule DownExecute_A
condition: condition:
all of ($winver*) or any of ($pdb*) or any of ($magic*) or 2 of ($str*) all of ($winver*) or any of ($pdb*) or any of ($magic*) or 2 of ($str*)
} }
=======
rule CN_Toolset__XScanLib_XScanLib_XScanLib { rule CN_Toolset__XScanLib_XScanLib_XScanLib {
meta: meta:
description = "Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll" description = "Detects a Chinese hacktool from a disclosed toolset - from files XScanLib.dll, XScanLib.dll, XScanLib.dll"
...@@ -1230,5 +1230,3 @@ rule CVE_2015_1674_CNGSYS { ...@@ -1230,5 +1230,3 @@ rule CVE_2015_1674_CNGSYS {
condition: condition:
uint16(0) == 0x5a4d and filesize < 60KB and all of them uint16(0) == 0x5a4d and filesize < 60KB and all of them
} }
\ No newline at end of file
>>>>>>> pr/23
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment