Update and rename Casper.yar to APT_Casper.yar

dd80771f · mmorenog · GitHub · 944fd9eb · dd80771f
Commit dd80771f authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

APT_Casper.yar malware/APT_Casper.yar +2 -2

No files found.
--- a/malware/Casper.yar
+++ b/malware/Casper.yar
@@ -5,7 +5,7 @@

 import "pe"

-rule Casper_Backdoor_x86 {
+rule Casper_Backdoor_x86 : APT Backdoor {
 	meta:
 		description = "Casper French Espionage Malware - Win32/ProxyBot.B - x86 Payload http://goo.gl/VRJNLo"
 		author = "Florian Roth"
@@ -36,7 +36,7 @@ rule Casper_Backdoor_x86 {
 		( 3 of ($x*) and 2 of ($y*) and 2 of ($z*) )
 }

-rule Casper_EXE_Dropper {
+rule Casper_EXE_Dropper : Dropper {
 	meta:
 		description = "Casper French Espionage Malware - Win32/ProxyBot.B - Dropper http://goo.gl/VRJNLo"
 		author = "Florian Roth"