Move is__elf to MISC_Utils.yar

be0e0374 · jovimon · GitHub · 0897926e · be0e0374
Unverified Commit be0e0374 authored Jun 02, 2018 by jovimon Committed by GitHub Jun 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 9 deletions

MALW_TinyShell_Backdoor_gen.yar malware/MALW_TinyShell_Backdoor_gen.yar +0 -9

No files found.
--- a/malware/MALW_TinyShell_Backdoor_gen.yar
+++ b/malware/MALW_TinyShell_Backdoor_gen.yar
@@ -19,15 +19,6 @@ private rule is__osx
    or uint32(0) == 0xfeedfacf  or uint32(0) == 0xcffaedfe
 }

-private rule is__elf {
- meta:
-    author = "@mmorenog,@yararules"
- strings:
-    $header = { 7F 45 4C 46 }
- condition:
-    $header at 0
-}
-
 private rule priv01 {
 meta:
    date = "2018-02-11"