Skip to content

R
rules
Commit dd80771f by mmorenog Committed by GitHub
Options

Update and rename Casper.yar to APT_Casper.yar

parent 944fd9eb
Showing with 2 additions and 2 deletions
malware/Casper.yar malware/APT_Casper.yar
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
import "pe" import "pe"
rule Casper_Backdoor_x86 { rule Casper_Backdoor_x86 : APT Backdoor {
meta: meta:
description = "Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo" description = "Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo"
author = "Florian Roth" author = "Florian Roth"
...@@ -36,7 +36,7 @@ rule Casper_Backdoor_x86 { ...@@ -36,7 +36,7 @@ rule Casper_Backdoor_x86 {
( 3 of ($x*) and 2 of ($y*) and 2 of ($z*) ) ( 3 of ($x*) and 2 of ($y*) and 2 of ($z*) )
} }
rule Casper_EXE_Dropper { rule Casper_EXE_Dropper : Dropper {
meta: meta:
description = "Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo" description = "Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo"
author = "Florian Roth" author = "Florian Roth"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment