Update APT_Mongall.yar

e55e40ee · Marc Rivero López · GitHub · 0f236b61 · e55e40ee
Commit e55e40ee authored Jan 22, 2017 by Marc Rivero López Committed by GitHub Jan 22, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 16 deletions

APT_Mongall.yar malware/APT_Mongall.yar +21 -16

No files found.
--- a/malware/APT_Mongall.yar
+++ b/malware/APT_Mongall.yar
@@ -7,23 +7,26 @@ import "pe"

 rule Backdoor_APT_Mongal
 {
-meta:
-	author = "@patrickrolsen"
-	maltype = "Backdoor.APT.Mongall"
-	version = "0.1"
-	reference = "fd69a799e21ccb308531ce6056944842" 
-	date = "01/04/2014"
-strings:
-	$author  = "author user"
-	$title   = "title Vjkygdjdtyuj" nocase
-	$comp    = "company ooo"
-	$cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10"
-	$passwd  = "password 00000000"
-condition:
+
+    meta:
+        author = "@patrickrolsen"
+        maltype = "Backdoor.APT.Mongall"
+        version = "0.1"
+        reference = "fd69a799e21ccb308531ce6056944842" 
+        date = "01/04/2014"
+    
+    strings:
+        $author  = "author user"
+        $title   = "title Vjkygdjdtyuj" nocase
+        $comp    = "company ooo"
+        $cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10"
+        $passwd  = "password 00000000"
+    
+    condition:
        all of them
 }

-rule MongalCode : Mongal Family 
+rule MongalCode
 {
    meta:
        description = "Mongal code features"
@@ -38,8 +41,9 @@ rule MongalCode : Mongal Family
        any of them
 }

-rule MongalStrings : Mongal Family
+rule MongalStrings
 {
+    
    meta:
        description = "Mongal Identifying Strings"
        author = "Seth Hardy"
@@ -54,8 +58,9 @@ rule MongalStrings : Mongal Family
        any of them
 }

-rule Mongal : Family
+rule Mongal 
 {
+    
    meta:
        description = "Mongal"
        author = "Seth Hardy"