Update APT_Platinum.yar

malware/APT_Platinum.yar

@@ -6,32 +6,32 @@
 rule Trojan_Win32_PlaSrv : Platinum
 {
 meta:
-author = "Microsoft"
-description = "Hotpatching Injector"
-original_sample_sha1 = "ff7f949da665ba8ce9fb01da357b51415634eaad"
-unpacked_sample_sha1 = "dff2fee984ba9f5a8f5d97582c83fca4fa1fe131"
-activity_group = "Platinum"
-version = "1.0"
-last_modified = "2016-04-12"
+    author = "Microsoft"
+    description = "Hotpatching Injector"
+    original_sample_sha1 = "ff7f949da665ba8ce9fb01da357b51415634eaad"
+    unpacked_sample_sha1 = "dff2fee984ba9f5a8f5d97582c83fca4fa1fe131"
+    activity_group = "Platinum"
+    version = "1.0"
+    last_modified = "2016-04-12"
 strings:
-$Section_name = ".hotp1"
-$offset_x59 = { C7 80 64 01 00 00 00 00 01 00 }
-condition:
-$Section_name and $offset_x59
+    $Section_name = ".hotp1"
+    $offset_x59 = { C7 80 64 01 00 00 00 00 01 00 }
+    condition:
+    $Section_name and $offset_x59
 }
 rule Trojan_Win32_Platual : Platinum
 {
 meta:
-author = "Microsoft"
-description = "Installer component"
-original_sample_sha1 = "e0ac2ae221328313a7eee33e9be0924c46e2beb9"
-unpacked_sample_sha1 = "ccaf36c2d02c3c5ca24eeeb7b1eae7742a23a86a"
-activity_group = "Platinum"
-version = "1.0"
-last_modified = "2016-04-12"
+    author = "Microsoft"
+    description = "Installer component"
+    original_sample_sha1 = "e0ac2ae221328313a7eee33e9be0924c46e2beb9"
+    unpacked_sample_sha1 = "ccaf36c2d02c3c5ca24eeeb7b1eae7742a23a86a"
+    activity_group = "Platinum"
+    version = "1.0"
+    last_modified = "2016-04-12"
 strings:
-$class_name = "AVCObfuscation"
-$scrambled_dir = { A8 8B B8 E3 B1 D7 FE 85 51 32 3E C0 F1 B7 73 99 }
+    $class_name = "AVCObfuscation"
+    $scrambled_dir = { A8 8B B8 E3 B1 D7 FE 85 51 32 3E C0 F1 B7 73 99 }
 condition:
 $class_name and $scrambled_dir
 }