Update APT_HackingTeam.yar

malware/APT_HackingTeam.yar

@@ -2,7 +2,7 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
 */
 
-rule bin_ndisk {
+rule bin_ndisk : disk HackingTeam {
 	meta:
 		description = "Hacking Team Disclosure Sample - file ndisk.sys"
 		author = "Florian Roth"
@@ -22,7 +22,7 @@ rule bin_ndisk {
 		uint16(0) == 0x5a4d and filesize < 30KB and 6 of them
 }
 
-rule Hackingteam_Elevator_DLL {
+rule Hackingteam_Elevator_DLL : dll HackingTeam {
 	meta:
 		description = "Hacking Team Disclosure Sample - file elevator.dll"
 		author = "Florian Roth"
@@ -44,7 +44,7 @@ rule Hackingteam_Elevator_DLL {
 		uint16(0) == 0x5a4d and filesize < 1000KB and 6 of them
 }
 
-rule HackingTeam_Elevator_EXE {
+rule HackingTeam_Elevator_EXE : HackingTeam {
 	meta:
 		description = "Hacking Team Disclosure Sample - file elevator.exe"
 		author = "Florian Roth"