Update and rename DarkComet.yar to RAT_DarkComet.yar

c456c0aa · mmorenog · GitHub · f56f1137 · c456c0aa
Commit c456c0aa authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

RAT_DarkComet.yar malware/RAT_DarkComet.yar +4 -4

No files found.
--- a/malware/DarkComet.yar
+++ b/malware/DarkComet.yar
@@ -5,7 +5,7 @@

 import "pe"

-rule DarkComet_1
+rule DarkComet_1 : RAT
 {
    meta:
        description = "DarkComet RAT"
@@ -57,7 +57,7 @@ rule DarkComet_2 : rat
 	condition:
 		any of them
 }
-rule DarkComet_3
+rule DarkComet_3 : RAT
 {
 	meta:
 		author = " Kevin Breen <kevin@techanarchy.net>"
@@ -82,7 +82,7 @@ rule DarkComet_3
 		all of ($a*) or all of ($b*)
 }

-rule DarkComet_Keylogger_File
+rule DarkComet_Keylogger_File  : RAT
 {
 	meta:
 		author = "Florian Roth"
@@ -97,7 +97,7 @@ rule DarkComet_Keylogger_File
 	condition:
 		($magic at 0) and #entry > 10 and #timestamp > 10
 }
-rule DarkComet_4
+rule DarkComet_4  : RAT
 {	meta:
 		reference = "https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara"
 	strings: