Update and rename APT_Sofacy_jun16.yar to APT_Sofacy_Jun16.yar

e37d6a5d · mmorenog · GitHub · 4730d03e · e37d6a5d
Commit e37d6a5d authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

APT_Sofacy_Jun16.yar malware/APT_Sofacy_Jun16.yar +3 -3

No files found.
--- a/malware/APT_Sofacy_jun16.yar
+++ b/malware/APT_Sofacy_jun16.yar
@@ -7,7 +7,7 @@

 /* Rule Set ----------------------------------------------------------------- */

-rule Sofacy_Jun16_Sample1 {
+rule Sofacy_Jun16_Sample1  : Sofacy APT APT28  {
 	meta:
 		description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
 		author = "Florian Roth"
@@ -22,7 +22,7 @@ rule Sofacy_Jun16_Sample1 {
 		( uint16(0) == 0x5a4d and filesize < 200KB and ( 1 of ($s*) ) ) or ( all of them )
 }

-rule Sofacy_Jun16_Sample2 {
+rule Sofacy_Jun16_Sample2  : Sofacy APT APT28  {
 	meta:
 		description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
 		author = "Florian Roth"
@@ -44,7 +44,7 @@ rule Sofacy_Jun16_Sample2 {
 		( uint16(0) == 0x5a4d and filesize < 100KB and ( all of ($x*) ) ) or ( 3 of them )
 }

-rule Sofacy_Jun16_Sample3 {
+rule Sofacy_Jun16_Sample3  : Sofacy APT APT28 {
 	meta:
 		description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
 		author = "Florian Roth"