Update APT_Casper.yar

Fixed rule style

Update APT_Casper.yar
Fixed rule style
e3c7b963 · Marc Rivero López · GitHub · ea59b2e1 · e3c7b963
Commit e3c7b963 authored Jan 21, 2017 by Marc Rivero López Committed by GitHub Jan 21, 2017
Show whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

APT_Casper.yar malware/APT_Casper.yar +1 -1

No files found.
--- a/malware/APT_Casper.yar
+++ b/malware/APT_Casper.yar
@@ -31,6 +31,7 @@ rule Casper_Backdoor_x86
        $z1 = "http://google.com/" fullword ascii
        $z2 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)" fullword ascii
        $z3 = "Operating System\"" fullword wide
+
    condition:
        ( all of ($s*) ) or ( 3 of ($x*) and 2 of ($y*) and 2 of ($z*) )
 }
@@ -108,4 +109,3 @@ rule Casper_SystemInformation_Output
    condition:
        all of them
 }
-