Skip to content

R
rules
Commit cf47f32a by mmorenog Committed by GitHub
Options

Update and rename APT_c16.yar to APT_C16.yar

parent ee16aca2
Showing with 5 additions and 5 deletions
malware/APT_c16.yar malware/APT_C16.yar
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
import "pe" import "pe"
rule apt_c16_win_memory_pcclient rule apt_c16_win_memory_pcclient : Memory APT
{ {
meta: meta:
author = "@dragonthreatlab" author = "@dragonthreatlab"
...@@ -21,7 +21,7 @@ rule apt_c16_win_memory_pcclient ...@@ -21,7 +21,7 @@ rule apt_c16_win_memory_pcclient
all of them all of them
} }
rule apt_c16_win_disk_pcclient rule apt_c16_win_disk_pcclient : Disk
{ {
meta: meta:
author = "@dragonthreatlab" author = "@dragonthreatlab"
...@@ -35,7 +35,7 @@ rule apt_c16_win_disk_pcclient ...@@ -35,7 +35,7 @@ rule apt_c16_win_disk_pcclient
$header at 0 $header at 0
} }
rule apt_c16_win32_dropper rule apt_c16_win32_dropper : Dropper
{ {
meta: meta:
author = "@dragonthreatlab" author = "@dragonthreatlab"
...@@ -54,7 +54,7 @@ rule apt_c16_win32_dropper ...@@ -54,7 +54,7 @@ rule apt_c16_win32_dropper
$mz at 0 and all of ($str*) $mz at 0 and all of ($str*)
} }
rule apt_c16_win_swisyn rule apt_c16_win_swisyn : Memory
{ {
meta: meta:
author = "@dragonthreatlab" author = "@dragonthreatlab"
...@@ -87,7 +87,7 @@ rule apt_c16_win_wateringhole ...@@ -87,7 +87,7 @@ rule apt_c16_win_wateringhole
any of ($str*) any of ($str*)
} }
rule apt_c16_win64_dropper rule apt_c16_win64_dropper : Dropper
{ {
meta: meta:
author = "@dragonthreatlab" author = "@dragonthreatlab"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment