Commit e37d6a5d by mmorenog Committed by GitHub

Update and rename APT_Sofacy_jun16.yar to APT_Sofacy_Jun16.yar

parent 4730d03e
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
/* Rule Set ----------------------------------------------------------------- */ /* Rule Set ----------------------------------------------------------------- */
rule Sofacy_Jun16_Sample1 { rule Sofacy_Jun16_Sample1 : Sofacy APT APT28 {
meta: meta:
description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report" description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
author = "Florian Roth" author = "Florian Roth"
...@@ -22,7 +22,7 @@ rule Sofacy_Jun16_Sample1 { ...@@ -22,7 +22,7 @@ rule Sofacy_Jun16_Sample1 {
( uint16(0) == 0x5a4d and filesize < 200KB and ( 1 of ($s*) ) ) or ( all of them ) ( uint16(0) == 0x5a4d and filesize < 200KB and ( 1 of ($s*) ) ) or ( all of them )
} }
rule Sofacy_Jun16_Sample2 { rule Sofacy_Jun16_Sample2 : Sofacy APT APT28 {
meta: meta:
description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report" description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
author = "Florian Roth" author = "Florian Roth"
...@@ -44,7 +44,7 @@ rule Sofacy_Jun16_Sample2 { ...@@ -44,7 +44,7 @@ rule Sofacy_Jun16_Sample2 {
( uint16(0) == 0x5a4d and filesize < 100KB and ( all of ($x*) ) ) or ( 3 of them ) ( uint16(0) == 0x5a4d and filesize < 100KB and ( all of ($x*) ) ) or ( 3 of them )
} }
rule Sofacy_Jun16_Sample3 { rule Sofacy_Jun16_Sample3 : Sofacy APT APT28 {
meta: meta:
description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report" description = "Detects Sofacy Malware mentioned in PaloAltoNetworks APT report"
author = "Florian Roth" author = "Florian Roth"
......
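Review bot: The tags added on the three rule headers (`: Sofacy APT APT28`) turn every hit into an actor attribution, but the conditions shown for Sample1 and Sample2 end in `or ( all of them )` and `or ( 3 of them )`, branches with no `uint16(0) == 0x5a4d` or `filesize` guard. That fallback is presumably intentional for memory or unpacked-image scans, yet it also lets non-PE content that merely contains the strings (reports, other rule files, dumps) come back tagged APT28. I would document this next to each condition, e.g. `// unguarded fallback: confirm the sample before treating the APT28 tag as attribution`, and note that pipelines which select rules by tag (`yara -t APT28`) inherit the same behaviour. The string sections and the body of Sample3 are collapsed on this page, so the strictness of the individual strings could not be checked.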