Mobile rules based on Androguard are now deprecated. Folders were renamed. Index regenerated.

eca2af09 · Xumeiquer · b979e00a · eca2af09 · eca2af09 · eca2af09
Commit eca2af09 authored Jan 08, 2020 by Xumeiquer
113 changed files
--- a/.travis.yml
+++ b/.travis.yml
 language: c
 sudo: required
-#dist: trusty
+
 before_install:
  - sudo apt-get -qq update
-  - sudo apt-get install jq
+  - sudo apt-get install -y \
+    automake \
+    libtool \
+    make \
+    gcc \
+    pkg-config \
+    flex \
+    bison \
+    libjansson-dev \
+    libmagic-dev \
+    libssl-dev \
+    jq
 # Yara
  - wget $(curl -s https://api.github.com/repos/VirusTotal/yara/releases/latest | jq -r ".tarball_url") -O yara.tar.gz
-  #- wget $(wget -O - https://api.github.com/repos/VirusTotal/yara/releases/9250110 | jq -r ".tarball_url") -O yara.tar.gz
  - mkdir yara
  - tar -C yara -xzvf yara.tar.gz --strip-components 1
-# Androguard for Yara
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/androguard.c -O yara/libyara/modules/androguard.c
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/dist/yara-3.7.0/libyara/modules/module_list -O yara/libyara/modules/module_list
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/dist/yara-3.7.0/libyara/Makefile.am -O yara/libyara/Makefile.am
-# libjansson
-  - wget http://www.digip.org/jansson/releases/jansson-2.7.tar.gz
-  - tar -xzvf jansson-2.7.tar.gz
-  - cd jansson-2.7
-  - ./configure
-  - make
-  - sudo make install
-
 # Compile Yara
  - cd ../yara
  # Update per issue 176
-  - sed -i 's/#define RE_MAX_SPLIT_ID     128/#define RE_MAX_SPLIT_ID     255/g' libyara/re.c
+  - sed -i 's/#define RE_MAX_SPLIT_ID     128/#define RE_MAX_SPLIT_ID     255/g' libyara/include/yara/limits.h
  - ./bootstrap.sh
-  - ./configure --enable-cuckoo
+  - ./configure --enable-cuckoo --enable-magic --with-crypto
  - make
  - sudo make install
  - sudo ldconfig
@@ -34,8 +32,6 @@ before_install:

 script:
  - echo "test" > testfile
-  - echo "{}" > androguard_report.json
  - FALLO=0
-#  - for j in $(ls -d */); do for i in $(find $j -type f -name "*.yara" ; find $j -type f -name "*.yar"); do echo $i; yara -x androguard=androguard_report.json $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done; done
-  - for i in $(ls *_index.yar); do echo $i; yara -w -x androguard=androguard_report.json $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done
+  - for i in $(ls *_index.yar); do echo $i; yara -w $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done
  - exit $FALLO
--- a/Antidebug_AntiVM_index.yar
+++ b/Antidebug_AntiVM_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Antidebug_AntiVM/antidebug_antivm.yar"
+include "./antidebug_antivm/antidebug_antivm.yar"
--- a/CVE_Rules_index.yar
+++ b/CVE_Rules_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
-include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
-include "./CVE_Rules/CVE-2018-20250.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
+include "./cve_rules/CVE-2010-0805.yar"
+include "./cve_rules/CVE-2010-0887.yar"
+include "./cve_rules/CVE-2010-1297.yar"
+include "./cve_rules/CVE-2012-0158.yar"
+include "./cve_rules/CVE-2013-0074.yar"
+include "./cve_rules/CVE-2013-0422.yar"
+include "./cve_rules/CVE-2015-1701.yar"
+include "./cve_rules/CVE-2015-2426.yar"
+include "./cve_rules/CVE-2015-2545.yar"
+include "./cve_rules/CVE-2015-5119.yar"
+include "./cve_rules/CVE-2016-5195.yar"
+include "./cve_rules/CVE-2017-11882.yar"
+include "./cve_rules/CVE-2018-20250.yar"
+include "./cve_rules/CVE-2018-4878.yar"
--- a/Capabilities_index.yar
+++ b/Capabilities_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Capabilities/capabilities.yar"
+include "./capabilities/capabilities.yar"
--- a/Crypto_index.yar
+++ b/Crypto_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Crypto/crypto_signatures.yar"
+include "./crypto/crypto_signatures.yar"
--- a/Exploit-Kits_index.yar
+++ b/Exploit-Kits_index.yar
-/*
-Generated by Yara-Rules
-On 26-11-2019
-*/
-include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
-include "./Exploit-Kits/EK_Crimepack.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Zeus.yar"
--- a/Malicious_Documents_index.yar
+++ b/Malicious_Documents_index.yar
-/*
-Generated by Yara-Rules
-On 26-11-2019
-*/
-include "./Malicious_Documents/Maldoc_APT10_MenuPass.yar"
-include "./Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
-include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
-include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
-include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/maldoc_somerules.yar"
--- a/Mobile_Malware_index.yar
+++ b/Mobile_Malware_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Mobile_Malware/Android_ASSDdeveloper.yar"
-include "./Mobile_Malware/Android_AVITOMMS.yar"
-include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
-include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
-include "./Mobile_Malware/Android_Backdoor.yar"
-include "./Mobile_Malware/Android_Backdoor_script.yar"
-include "./Mobile_Malware/Android_BadMirror.yar"
-include "./Mobile_Malware/Android_Banker_Acecard.yar"
-include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
-include "./Mobile_Malware/Android_Clicker_G.yar"
-include "./Mobile_Malware/Android_Copy9.yar"
-include "./Mobile_Malware/Android_DeathRing.yar"
-include "./Mobile_Malware/Android_Dectus_rswm.yar"
-include "./Mobile_Malware/Android_Dendroid_RAT.yar"
-include "./Mobile_Malware/Android_Dogspectus.yar"
-include "./Mobile_Malware/Android_FakeApps.yar"
-include "./Mobile_Malware/Android_FakeBank_Fanta.yar"
-include "./Mobile_Malware/Android_Godless.yar"
-include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
-include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
-include "./Mobile_Malware/Android_MalwareCertificates.yar"
-include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
-include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
-include "./Mobile_Malware/Android_Malware_Towelroot.yar"
-include "./Mobile_Malware/Android_Marcher_2.yar"
-include "./Mobile_Malware/Android_MazarBot_z.yar"
-include "./Mobile_Malware/Android_Metasploit.yar"
-include "./Mobile_Malware/Android_Metasploit_Payload.yar"
-include "./Mobile_Malware/Android_OmniRat.yar"
-include "./Mobile_Malware/Android_Overlayer.yar"
-include "./Mobile_Malware/Android_Pink_Locker.yar"
-include "./Mobile_Malware/Android_Polish_Bankbot.yar"
-include "./Mobile_Malware/Android_RuMMS.yar"
-include "./Mobile_Malware/Android_SMSFraud.yar"
-include "./Mobile_Malware/Android_SandroRat.yar"
-include "./Mobile_Malware/Android_SlemBunk.yar"
-include "./Mobile_Malware/Android_SpyAgent.yar"
-include "./Mobile_Malware/Android_SpyNote.yar"
-include "./Mobile_Malware/Android_Spynet.yar"
-include "./Mobile_Malware/Android_Spywaller.yar"
-include "./Mobile_Malware/Android_Switcher.yar"
-include "./Mobile_Malware/Android_Tachi.yar"
-include "./Mobile_Malware/Android_Tempting_Cedar_Spyware.yar"
-include "./Mobile_Malware/Android_Tordow.yar"
-include "./Mobile_Malware/Android_Triada_Banking.yar"
-include "./Mobile_Malware/Android_Trojan_Dendroid.yar"
-include "./Mobile_Malware/Android_Trojan_Droidjack.yar"
-include "./Mobile_Malware/Android_VikingOrder.yar"
-include "./Mobile_Malware/Android_VirusPolicia.yar"
-include "./Mobile_Malware/Android_adware.yar"
-include "./Mobile_Malware/Android_generic_adware.yar"
-include "./Mobile_Malware/Android_generic_smsfraud.yar"
-include "./Mobile_Malware/Android_malware_Advertising.yar"
-include "./Mobile_Malware/Android_malware_ChinesePorn.yar"
-include "./Mobile_Malware/Android_malware_Dropper.yar"
-include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
-include "./Mobile_Malware/Android_malware_HackingTeam.yar"
-include "./Mobile_Malware/Android_malware_SMSsender.yar"
-include "./Mobile_Malware/Android_malware_banker.yar"
-include "./Mobile_Malware/Android_malware_xbot007.yar"
-include "./Mobile_Malware/Android_mapin.yar"
-include "./Mobile_Malware/Android_pornClicker.yar"
-include "./Mobile_Malware/Android_sk_bankTr.yar"
--- a/Packers_index.yar
+++ b/Packers_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Packers/JJencode.yar"
-include "./Packers/Javascript_exploit_and_obfuscation.yar"
-include "./Packers/packer.yar"
-include "./Packers/packer_compiler_signatures.yar"
-include "./Packers/peid.yar"
+include "./packers/JJencode.yar"
+include "./packers/Javascript_exploit_and_obfuscation.yar"
+include "./packers/packer.yar"
+include "./packers/packer_compiler_signatures.yar"
+include "./packers/peid.yar"
--- a/README.md
+++ b/README.md
@@ -14,8 +14,6 @@ If you’re interested in sharing your Yara rules with us and the Security Commu

 Twitter account: https://twitter.com/yararules

-Mailing list : http://list.yararules.com/mailman/listinfo/yararules.com.signatures
-
 # Requirements

 Yara **version 3.0** or higher is required for most of our rules to work. This is mainly due to the use of the "pe" module introduced in that version.
@@ -24,7 +22,9 @@ You can check your installed version with `yara -v`

 Packages available in Ubuntu 14.04 LTS default repositories are too old.  You can alternatively install from source or use the packages available in the [Remnux repository](https://launchpad.net/~remnux/+archive/ubuntu/stable).

-Also, you will need [Androguard Module](https://github.com/Koodous/androguard-yara) if you want to use the rules in the 'mobile_malware' category.
+~~Also, you will need [Androguard Module](https://github.com/Koodous/androguard-yara) if you want to use the rules in the 'mobile_malware' category.~~
+
+We have deprecated mobile_malware rules that depend on Androguard Module because it seems an abandoned project.

 # Categories

@@ -36,7 +36,7 @@ In this section you will find Yara Rules aimed toward the detection of anti-debu

 In this section you will find Yara rules to detect capabilities that do not fit into any of the other categories.  They are useful to know for analysis but may not be malicious indicators on their own.

-## CVE_Rules
+## CVE Rules

 In this section you will find Yara Rules specialised toward the identification of specific Common Vulnerabilities and Exposures (CVEs)

@@ -72,9 +72,9 @@ In this section you will find Yara rules specialised toward the identification o

 In this section you will find Yara rules specialised toward the identification of well-known mobile malware.

-Many rules in this section use the Androguard module developed by the people over at https://koodous.com/.
+## Deprecated

-You can get it, along with installation instructions, at https://github.com/Koodous/androguard-yara
+In this section you will find Yara rules deprecated.

 # Contact

@@ -82,4 +82,3 @@ Webpage: http://yararules.com

 Twitter account: https://twitter.com/yararules

-Mail list : http://list.yararules.com/mailman/listinfo/yararules.com.signatures
--- a/Webshells_index.yar
+++ b/Webshells_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Webshells/WShell_APT_Laudanum.yar"
-include "./Webshells/WShell_ASPXSpy.yar"
-include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
-include "./Webshells/Wshell_fire2013.yar"
-include "./Webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_APT_Laudanum.yar"
+include "./webshells/WShell_ASPXSpy.yar"
+include "./webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_PHP_Anuna.yar"
+include "./webshells/WShell_PHP_in_images.yar"
+include "./webshells/WShell_THOR_Webshells.yar"
+include "./webshells/Wshell_ChineseSpam.yar"
+include "./webshells/Wshell_fire2013.yar"
--- a/Mobile_Malware/Android_ASSDdeveloper.yar
+++ b/Mobile_Malware/Android_ASSDdeveloper.yar
--- a/Mobile_Malware/Android_AVITOMMS.yar
+++ b/Mobile_Malware/Android_AVITOMMS.yar
--- a/Mobile_Malware/Android_AliPay_smsStealer.yar
+++ b/Mobile_Malware/Android_AliPay_smsStealer.yar
--- a/Mobile_Malware/Android_Amtrckr_20160519.yar
+++ b/Mobile_Malware/Android_Amtrckr_20160519.yar
--- a/Mobile_Malware/Android_Backdoor.yar
+++ b/Mobile_Malware/Android_Backdoor.yar
--- a/Mobile_Malware/Android_Backdoor_script.yar
+++ b/Mobile_Malware/Android_Backdoor_script.yar
--- a/Mobile_Malware/Android_BadMirror.yar
+++ b/Mobile_Malware/Android_BadMirror.yar
--- a/Mobile_Malware/Android_Banker_Acecard.yar
+++ b/Mobile_Malware/Android_Banker_Acecard.yar
--- a/Mobile_Malware/Android_BatteryBot_ClickFraud.yar
+++ b/Mobile_Malware/Android_BatteryBot_ClickFraud.yar
--- a/Mobile_Malware/Android_Clicker_G.yar
+++ b/Mobile_Malware/Android_Clicker_G.yar
--- a/Mobile_Malware/Android_Copy9.yar
+++ b/Mobile_Malware/Android_Copy9.yar
--- a/Mobile_Malware/Android_DeathRing.yar
+++ b/Mobile_Malware/Android_DeathRing.yar
--- a/Mobile_Malware/Android_Dectus_rswm.yar
+++ b/Mobile_Malware/Android_Dectus_rswm.yar
--- a/Mobile_Malware/Android_Dendroid_RAT.yar
+++ b/Mobile_Malware/Android_Dendroid_RAT.yar
--- a/Mobile_Malware/Android_Dogspectus.yar
+++ b/Mobile_Malware/Android_Dogspectus.yar
--- a/Mobile_Malware/Android_FakeApps.yar
+++ b/Mobile_Malware/Android_FakeApps.yar
--- a/Mobile_Malware/Android_FakeBank_Fanta.yar
+++ b/Mobile_Malware/Android_FakeBank_Fanta.yar
--- a/Mobile_Malware/Android_Godless.yar
+++ b/Mobile_Malware/Android_Godless.yar
--- a/Mobile_Malware/Android_HackintTeam_Implant.yar
+++ b/Mobile_Malware/Android_HackintTeam_Implant.yar
--- a/Mobile_Malware/Android_Libyan_Scorpions.yar
+++ b/Mobile_Malware/Android_Libyan_Scorpions.yar
--- a/Mobile_Malware/Android_MalwareCertificates.yar
+++ b/Mobile_Malware/Android_MalwareCertificates.yar
--- a/Mobile_Malware/Android_Malware_Ramsonware.yar
+++ b/Mobile_Malware/Android_Malware_Ramsonware.yar
--- a/Mobile_Malware/Android_Malware_Tinhvan.yar
+++ b/Mobile_Malware/Android_Malware_Tinhvan.yar
--- a/Mobile_Malware/Android_Malware_Towelroot.yar
+++ b/Mobile_Malware/Android_Malware_Towelroot.yar
--- a/Mobile_Malware/Android_Marcher_2.yar
+++ b/Mobile_Malware/Android_Marcher_2.yar
--- a/Mobile_Malware/Android_MazarBot_z.yar
+++ b/Mobile_Malware/Android_MazarBot_z.yar
--- a/Mobile_Malware/Android_Metasploit.yar
+++ b/Mobile_Malware/Android_Metasploit.yar
--- a/Mobile_Malware/Android_Metasploit_Payload.yar
+++ b/Mobile_Malware/Android_Metasploit_Payload.yar
--- a/Mobile_Malware/Android_OmniRat.yar
+++ b/Mobile_Malware/Android_OmniRat.yar
--- a/Mobile_Malware/Android_Overlayer.yar
+++ b/Mobile_Malware/Android_Overlayer.yar
--- a/Mobile_Malware/Android_Pink_Locker.yar
+++ b/Mobile_Malware/Android_Pink_Locker.yar
--- a/Mobile_Malware/Android_Polish_Bankbot.yar
+++ b/Mobile_Malware/Android_Polish_Bankbot.yar
--- a/Mobile_Malware/Android_RuMMS.yar
+++ b/Mobile_Malware/Android_RuMMS.yar
--- a/Mobile_Malware/Android_SMSFraud.yar
+++ b/Mobile_Malware/Android_SMSFraud.yar
--- a/Mobile_Malware/Android_SandroRat.yar
+++ b/Mobile_Malware/Android_SandroRat.yar
--- a/Mobile_Malware/Android_SlemBunk.yar
+++ b/Mobile_Malware/Android_SlemBunk.yar
--- a/Mobile_Malware/Android_SpyAgent.yar
+++ b/Mobile_Malware/Android_SpyAgent.yar
--- a/Mobile_Malware/Android_SpyNote.yar
+++ b/Mobile_Malware/Android_SpyNote.yar
--- a/Mobile_Malware/Android_Spynet.yar
+++ b/Mobile_Malware/Android_Spynet.yar
--- a/Mobile_Malware/Android_Spywaller.yar
+++ b/Mobile_Malware/Android_Spywaller.yar
--- a/Mobile_Malware/Android_Switcher.yar
+++ b/Mobile_Malware/Android_Switcher.yar
--- a/Mobile_Malware/Android_Tachi.yar
+++ b/Mobile_Malware/Android_Tachi.yar
--- a/Mobile_Malware/Android_Tempting_Cedar_Spyware.yar
+++ b/Mobile_Malware/Android_Tempting_Cedar_Spyware.yar
--- a/Mobile_Malware/Android_Tordow.yar
+++ b/Mobile_Malware/Android_Tordow.yar
--- a/Mobile_Malware/Android_Triada_Banking.yar
+++ b/Mobile_Malware/Android_Triada_Banking.yar
--- a/Mobile_Malware/Android_Trojan_Dendroid.yar
+++ b/Mobile_Malware/Android_Trojan_Dendroid.yar
--- a/Mobile_Malware/Android_Trojan_Droidjack.yar
+++ b/Mobile_Malware/Android_Trojan_Droidjack.yar
--- a/Mobile_Malware/Android_VikingOrder.yar
+++ b/Mobile_Malware/Android_VikingOrder.yar
--- a/Mobile_Malware/Android_VirusPolicia.yar
+++ b/Mobile_Malware/Android_VirusPolicia.yar
--- a/Mobile_Malware/Android_adware.yar
+++ b/Mobile_Malware/Android_adware.yar
--- a/Mobile_Malware/Android_fake_mario_app
+++ b/Mobile_Malware/Android_fake_mario_app
--- a/Mobile_Malware/Android_generic_adware.yar
+++ b/Mobile_Malware/Android_generic_adware.yar
--- a/Mobile_Malware/Android_generic_smsfraud.yar
+++ b/Mobile_Malware/Android_generic_smsfraud.yar
--- a/Mobile_Malware/Android_malware_Advertising.yar
+++ b/Mobile_Malware/Android_malware_Advertising.yar
--- a/Mobile_Malware/Android_malware_ChinesePorn.yar
+++ b/Mobile_Malware/Android_malware_ChinesePorn.yar
--- a/Mobile_Malware/Android_malware_Dropper.yar
+++ b/Mobile_Malware/Android_malware_Dropper.yar
--- a/Mobile_Malware/Android_malware_Fake_MosKow.yar
+++ b/Mobile_Malware/Android_malware_Fake_MosKow.yar
--- a/Mobile_Malware/Android_malware_HackingTeam.yar
+++ b/Mobile_Malware/Android_malware_HackingTeam.yar
--- a/Mobile_Malware/Android_malware_SMSsender.yar
+++ b/Mobile_Malware/Android_malware_SMSsender.yar
--- a/Mobile_Malware/Android_malware_banker.yar
+++ b/Mobile_Malware/Android_malware_banker.yar
--- a/Mobile_Malware/Android_malware_xbot007.yar
+++ b/Mobile_Malware/Android_malware_xbot007.yar
--- a/Mobile_Malware/Android_mapin.yar
+++ b/Mobile_Malware/Android_mapin.yar
--- a/Mobile_Malware/Android_pornClicker.yar
+++ b/Mobile_Malware/Android_pornClicker.yar
--- a/Mobile_Malware/Android_sk_bankTr.yar
+++ b/Mobile_Malware/Android_sk_bankTr.yar
--- a/email_index.yar
+++ b/email_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
 include "./email/EMAIL_Cryptowall.yar"
 include "./email/attachment.yar"

--- a/Exploit-Kits/EK_Angler.yar
+++ b/Exploit-Kits/EK_Angler.yar
--- a/Exploit-Kits/EK_Blackhole.yar
+++ b/Exploit-Kits/EK_Blackhole.yar
--- a/Exploit-Kits/EK_BleedingLife.yar
+++ b/Exploit-Kits/EK_BleedingLife.yar
--- a/Exploit-Kits/EK_Crimepack.yar
+++ b/Exploit-Kits/EK_Crimepack.yar
--- a/Exploit-Kits/EK_Eleonore.yar
+++ b/Exploit-Kits/EK_Eleonore.yar
--- a/Exploit-Kits/EK_Fragus.yar
+++ b/Exploit-Kits/EK_Fragus.yar
--- a/Exploit-Kits/EK_Phoenix.yar
+++ b/Exploit-Kits/EK_Phoenix.yar
--- a/Exploit-Kits/EK_Sakura.yar
+++ b/Exploit-Kits/EK_Sakura.yar
--- a/Exploit-Kits/EK_ZeroAcces.yar
+++ b/Exploit-Kits/EK_ZeroAcces.yar
--- a/Exploit-Kits/EK_Zerox88.yar
+++ b/Exploit-Kits/EK_Zerox88.yar
--- a/Exploit-Kits/EK_Zeus.yar
+++ b/Exploit-Kits/EK_Zeus.yar
--- a/exploit_kits_index.yar
+++ b/exploit_kits_index.yar
+/*
+Generated by Yara-Rules
+On 08-01-2020
+*/
+include "./exploit_kits/EK_Angler.yar"
+include "./exploit_kits/EK_Blackhole.yar"
+include "./exploit_kits/EK_BleedingLife.yar"
+include "./exploit_kits/EK_Crimepack.yar"
+include "./exploit_kits/EK_Eleonore.yar"
+include "./exploit_kits/EK_Fragus.yar"
+include "./exploit_kits/EK_Phoenix.yar"
+include "./exploit_kits/EK_Sakura.yar"
+include "./exploit_kits/EK_ZeroAcces.yar"
+include "./exploit_kits/EK_Zerox88.yar"
+include "./exploit_kits/EK_Zeus.yar"
--- a/index.yar
+++ b/index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Antidebug_AntiVM/antidebug_antivm.yar"
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
-include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
-include "./CVE_Rules/CVE-2018-20250.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
-include "./Capabilities/capabilities.yar"
-include "./Crypto/crypto_signatures.yar"
-include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
-include "./Exploit-Kits/EK_Crimepack.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Zeus.yar"
-include "./Malicious_Documents/Maldoc_APT10_MenuPass.yar"
-include "./Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
-include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
-include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
-include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/maldoc_somerules.yar"
-include "./Packers/JJencode.yar"
-include "./Packers/Javascript_exploit_and_obfuscation.yar"
-include "./Packers/packer.yar"
-include "./Packers/packer_compiler_signatures.yar"
-include "./Packers/peid.yar"
-include "./Webshells/WShell_APT_Laudanum.yar"
-include "./Webshells/WShell_ASPXSpy.yar"
-include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
-include "./Webshells/Wshell_fire2013.yar"
+include "./antidebug_antivm/antidebug_antivm.yar"
+include "./capabilities/capabilities.yar"
+include "./crypto/crypto_signatures.yar"
+include "./cve_rules/CVE-2010-0805.yar"
+include "./cve_rules/CVE-2010-0887.yar"
+include "./cve_rules/CVE-2010-1297.yar"
+include "./cve_rules/CVE-2012-0158.yar"
+include "./cve_rules/CVE-2013-0074.yar"
+include "./cve_rules/CVE-2013-0422.yar"
+include "./cve_rules/CVE-2015-1701.yar"
+include "./cve_rules/CVE-2015-2426.yar"
+include "./cve_rules/CVE-2015-2545.yar"
+include "./cve_rules/CVE-2015-5119.yar"
+include "./cve_rules/CVE-2016-5195.yar"
+include "./cve_rules/CVE-2017-11882.yar"
+include "./cve_rules/CVE-2018-20250.yar"
+include "./cve_rules/CVE-2018-4878.yar"
 include "./email/EMAIL_Cryptowall.yar"
 include "./email/attachment.yar"
 include "./email/bank_rule.yar"
@@ -68,6 +26,36 @@ include "./email/email_Ukraine_BE_powerattack.yar"
 include "./email/image.yar"
 include "./email/scam.yar"
 include "./email/urls.yar"
+include "./exploit_kits/EK_Angler.yar"
+include "./exploit_kits/EK_Blackhole.yar"
+include "./exploit_kits/EK_BleedingLife.yar"
+include "./exploit_kits/EK_Crimepack.yar"
+include "./exploit_kits/EK_Eleonore.yar"
+include "./exploit_kits/EK_Fragus.yar"
+include "./exploit_kits/EK_Phoenix.yar"
+include "./exploit_kits/EK_Sakura.yar"
+include "./exploit_kits/EK_ZeroAcces.yar"
+include "./exploit_kits/EK_Zerox88.yar"
+include "./exploit_kits/EK_Zeus.yar"
+include "./maldocs/Maldoc_APT10_MenuPass.yar"
+include "./maldocs/Maldoc_APT19_CVE-2017-1099.yar"
+include "./maldocs/Maldoc_APT_OLE_JSRat.yar"
+include "./maldocs/Maldoc_CVE-2017-0199.yar"
+include "./maldocs/Maldoc_CVE_2017_11882.yar"
+include "./maldocs/Maldoc_CVE_2017_8759.yar"
+include "./maldocs/Maldoc_Contains_VBE_File.yar"
+include "./maldocs/Maldoc_DDE.yar"
+include "./maldocs/Maldoc_Dridex.yar"
+include "./maldocs/Maldoc_Hidden_PE_file.yar"
+include "./maldocs/Maldoc_MIME_ActiveMime_b64.yar"
+include "./maldocs/Maldoc_PDF.yar"
+include "./maldocs/Maldoc_PowerPointMouse.yar"
+include "./maldocs/Maldoc_Suspicious_OLE_target.yar"
+include "./maldocs/Maldoc_UserForm.yar"
+include "./maldocs/Maldoc_VBA_macro_code.yar"
+include "./maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar"
+include "./maldocs/Maldoc_malrtf_ole2link.yar"
+include "./maldocs/maldoc_somerules.yar"
 include "./malware/000_common_rules.yar"
 include "./malware/APT_APT1.yar"
 include "./malware/APT_APT10.yar"
@@ -204,6 +192,7 @@ include "./malware/MALW_Exploit_UAC_Elevators.yar"
 include "./malware/MALW_Ezcob.yar"
 include "./malware/MALW_F0xy.yar"
 include "./malware/MALW_FALLCHILL.yar"
+include "./malware/MALW_FUDCrypt.yar"
 include "./malware/MALW_FakeM.yar"
 include "./malware/MALW_Fareit.yar"
 include "./malware/MALW_Favorite.yar"
@@ -240,6 +229,7 @@ include "./malware/MALW_LinuxMoose.yar"
 include "./malware/MALW_LostDoor.yar"
 include "./malware/MALW_LuaBot.yar"
 include "./malware/MALW_LuckyCat.yar"
+include "./malware/MALW_MSILStealer.yar"
 include "./malware/MALW_MacControl.yar"
 include "./malware/MALW_Madness.yar"
 include "./malware/MALW_Magento_backend.yar"
@@ -390,6 +380,7 @@ include "./malware/RANSOM_GPGQwerty.yar"
 include "./malware/RANSOM_GoldenEye.yar"
 include "./malware/RANSOM_Locky.yar"
 include "./malware/RANSOM_MS17-010_Wannacrypt.yar"
+include "./malware/RANSOM_Maze.yar"
 include "./malware/RANSOM_PetrWrap.yar"
 include "./malware/RANSOM_Petya.yar"
 include "./malware/RANSOM_SamSam.yar"
@@ -443,3 +434,16 @@ include "./malware/TOOLKIT_Pwdump.yar"
 include "./malware/TOOLKIT_THOR_HackTools.yar"
 include "./malware/TOOLKIT_Wineggdrop.yar"
 include "./malware/TOOLKIT_exe2hex_payload.yar"
+include "./packers/JJencode.yar"
+include "./packers/Javascript_exploit_and_obfuscation.yar"
+include "./packers/packer.yar"
+include "./packers/packer_compiler_signatures.yar"
+include "./packers/peid.yar"
+include "./webshells/WShell_APT_Laudanum.yar"
+include "./webshells/WShell_ASPXSpy.yar"
+include "./webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_PHP_Anuna.yar"
+include "./webshells/WShell_PHP_in_images.yar"
+include "./webshells/WShell_THOR_Webshells.yar"
+include "./webshells/Wshell_ChineseSpam.yar"
+include "./webshells/Wshell_fire2013.yar"
--- a/index_gen.sh
+++ b/index_gen.sh
@@ -2,7 +2,8 @@

 function get_folders {
    local INDECES=()
-    for folder in $(ls -d */ | grep -v utils); do
+    AVOID="utils|deprecated"
+    for folder in $(ls -d */ | grep -vE $AVOID); do
        INDECES+="$folder "
    done
    INDECES+=". "
@@ -18,7 +19,7 @@ function gen_index {
        echo -e "/*$4*/" > $IDX_NAME
    fi
    OS=$(uname)
-    AVOID="_?index.yara?|index_|utils"
+    AVOID="_?index.yara?|index_|utils|deprecated"
    if [ x"$BASE" == x"." ]; then
        if [ $INC_MOBILE == false ]; then
            AVOID+="|Mobile"

--- a/index_w_mobile.yar
+++ b/index_w_mobile.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Antidebug_AntiVM/antidebug_antivm.yar"
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
-include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
-include "./CVE_Rules/CVE-2018-20250.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
-include "./Capabilities/capabilities.yar"
-include "./Crypto/crypto_signatures.yar"
-include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
-include "./Exploit-Kits/EK_Crimepack.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Zeus.yar"
-include "./Malicious_Documents/Maldoc_APT10_MenuPass.yar"
-include "./Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
-include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
-include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
-include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/maldoc_somerules.yar"
-include "./Mobile_Malware/Android_ASSDdeveloper.yar"
-include "./Mobile_Malware/Android_AVITOMMS.yar"
-include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
-include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
-include "./Mobile_Malware/Android_Backdoor.yar"
-include "./Mobile_Malware/Android_Backdoor_script.yar"
-include "./Mobile_Malware/Android_BadMirror.yar"
-include "./Mobile_Malware/Android_Banker_Acecard.yar"
-include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
-include "./Mobile_Malware/Android_Clicker_G.yar"
-include "./Mobile_Malware/Android_Copy9.yar"
-include "./Mobile_Malware/Android_DeathRing.yar"
-include "./Mobile_Malware/Android_Dectus_rswm.yar"
-include "./Mobile_Malware/Android_Dendroid_RAT.yar"
-include "./Mobile_Malware/Android_Dogspectus.yar"
-include "./Mobile_Malware/Android_FakeApps.yar"
-include "./Mobile_Malware/Android_FakeBank_Fanta.yar"
-include "./Mobile_Malware/Android_Godless.yar"
-include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
-include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
-include "./Mobile_Malware/Android_MalwareCertificates.yar"
-include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
-include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
-include "./Mobile_Malware/Android_Malware_Towelroot.yar"
-include "./Mobile_Malware/Android_Marcher_2.yar"
-include "./Mobile_Malware/Android_MazarBot_z.yar"
-include "./Mobile_Malware/Android_Metasploit.yar"
-include "./Mobile_Malware/Android_Metasploit_Payload.yar"
-include "./Mobile_Malware/Android_OmniRat.yar"
-include "./Mobile_Malware/Android_Overlayer.yar"
-include "./Mobile_Malware/Android_Pink_Locker.yar"
-include "./Mobile_Malware/Android_Polish_Bankbot.yar"
-include "./Mobile_Malware/Android_RuMMS.yar"
-include "./Mobile_Malware/Android_SMSFraud.yar"
-include "./Mobile_Malware/Android_SandroRat.yar"
-include "./Mobile_Malware/Android_SlemBunk.yar"
-include "./Mobile_Malware/Android_SpyAgent.yar"
-include "./Mobile_Malware/Android_SpyNote.yar"
-include "./Mobile_Malware/Android_Spynet.yar"
-include "./Mobile_Malware/Android_Spywaller.yar"
-include "./Mobile_Malware/Android_Switcher.yar"
-include "./Mobile_Malware/Android_Tachi.yar"
-include "./Mobile_Malware/Android_Tempting_Cedar_Spyware.yar"
-include "./Mobile_Malware/Android_Tordow.yar"
-include "./Mobile_Malware/Android_Triada_Banking.yar"
-include "./Mobile_Malware/Android_Trojan_Dendroid.yar"
-include "./Mobile_Malware/Android_Trojan_Droidjack.yar"
-include "./Mobile_Malware/Android_VikingOrder.yar"
-include "./Mobile_Malware/Android_VirusPolicia.yar"
-include "./Mobile_Malware/Android_adware.yar"
-include "./Mobile_Malware/Android_generic_adware.yar"
-include "./Mobile_Malware/Android_generic_smsfraud.yar"
-include "./Mobile_Malware/Android_malware_Advertising.yar"
-include "./Mobile_Malware/Android_malware_ChinesePorn.yar"
-include "./Mobile_Malware/Android_malware_Dropper.yar"
-include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
-include "./Mobile_Malware/Android_malware_HackingTeam.yar"
-include "./Mobile_Malware/Android_malware_SMSsender.yar"
-include "./Mobile_Malware/Android_malware_banker.yar"
-include "./Mobile_Malware/Android_malware_xbot007.yar"
-include "./Mobile_Malware/Android_mapin.yar"
-include "./Mobile_Malware/Android_pornClicker.yar"
-include "./Mobile_Malware/Android_sk_bankTr.yar"
-include "./Packers/JJencode.yar"
-include "./Packers/Javascript_exploit_and_obfuscation.yar"
-include "./Packers/packer.yar"
-include "./Packers/packer_compiler_signatures.yar"
-include "./Packers/peid.yar"
-include "./Webshells/WShell_APT_Laudanum.yar"
-include "./Webshells/WShell_ASPXSpy.yar"
-include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
-include "./Webshells/Wshell_fire2013.yar"
+include "./antidebug_antivm/antidebug_antivm.yar"
+include "./capabilities/capabilities.yar"
+include "./crypto/crypto_signatures.yar"
+include "./cve_rules/CVE-2010-0805.yar"
+include "./cve_rules/CVE-2010-0887.yar"
+include "./cve_rules/CVE-2010-1297.yar"
+include "./cve_rules/CVE-2012-0158.yar"
+include "./cve_rules/CVE-2013-0074.yar"
+include "./cve_rules/CVE-2013-0422.yar"
+include "./cve_rules/CVE-2015-1701.yar"
+include "./cve_rules/CVE-2015-2426.yar"
+include "./cve_rules/CVE-2015-2545.yar"
+include "./cve_rules/CVE-2015-5119.yar"
+include "./cve_rules/CVE-2016-5195.yar"
+include "./cve_rules/CVE-2017-11882.yar"
+include "./cve_rules/CVE-2018-20250.yar"
+include "./cve_rules/CVE-2018-4878.yar"
 include "./email/EMAIL_Cryptowall.yar"
 include "./email/attachment.yar"
 include "./email/bank_rule.yar"
@@ -131,6 +26,36 @@ include "./email/email_Ukraine_BE_powerattack.yar"
 include "./email/image.yar"
 include "./email/scam.yar"
 include "./email/urls.yar"
+include "./exploit_kits/EK_Angler.yar"
+include "./exploit_kits/EK_Blackhole.yar"
+include "./exploit_kits/EK_BleedingLife.yar"
+include "./exploit_kits/EK_Crimepack.yar"
+include "./exploit_kits/EK_Eleonore.yar"
+include "./exploit_kits/EK_Fragus.yar"
+include "./exploit_kits/EK_Phoenix.yar"
+include "./exploit_kits/EK_Sakura.yar"
+include "./exploit_kits/EK_ZeroAcces.yar"
+include "./exploit_kits/EK_Zerox88.yar"
+include "./exploit_kits/EK_Zeus.yar"
+include "./maldocs/Maldoc_APT10_MenuPass.yar"
+include "./maldocs/Maldoc_APT19_CVE-2017-1099.yar"
+include "./maldocs/Maldoc_APT_OLE_JSRat.yar"
+include "./maldocs/Maldoc_CVE-2017-0199.yar"
+include "./maldocs/Maldoc_CVE_2017_11882.yar"
+include "./maldocs/Maldoc_CVE_2017_8759.yar"
+include "./maldocs/Maldoc_Contains_VBE_File.yar"
+include "./maldocs/Maldoc_DDE.yar"
+include "./maldocs/Maldoc_Dridex.yar"
+include "./maldocs/Maldoc_Hidden_PE_file.yar"
+include "./maldocs/Maldoc_MIME_ActiveMime_b64.yar"
+include "./maldocs/Maldoc_PDF.yar"
+include "./maldocs/Maldoc_PowerPointMouse.yar"
+include "./maldocs/Maldoc_Suspicious_OLE_target.yar"
+include "./maldocs/Maldoc_UserForm.yar"
+include "./maldocs/Maldoc_VBA_macro_code.yar"
+include "./maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar"
+include "./maldocs/Maldoc_malrtf_ole2link.yar"
+include "./maldocs/maldoc_somerules.yar"
 include "./malware/000_common_rules.yar"
 include "./malware/APT_APT1.yar"
 include "./malware/APT_APT10.yar"
@@ -267,6 +192,7 @@ include "./malware/MALW_Exploit_UAC_Elevators.yar"
 include "./malware/MALW_Ezcob.yar"
 include "./malware/MALW_F0xy.yar"
 include "./malware/MALW_FALLCHILL.yar"
+include "./malware/MALW_FUDCrypt.yar"
 include "./malware/MALW_FakeM.yar"
 include "./malware/MALW_Fareit.yar"
 include "./malware/MALW_Favorite.yar"
@@ -303,6 +229,7 @@ include "./malware/MALW_LinuxMoose.yar"
 include "./malware/MALW_LostDoor.yar"
 include "./malware/MALW_LuaBot.yar"
 include "./malware/MALW_LuckyCat.yar"
+include "./malware/MALW_MSILStealer.yar"
 include "./malware/MALW_MacControl.yar"
 include "./malware/MALW_Madness.yar"
 include "./malware/MALW_Magento_backend.yar"
@@ -453,6 +380,7 @@ include "./malware/RANSOM_GPGQwerty.yar"
 include "./malware/RANSOM_GoldenEye.yar"
 include "./malware/RANSOM_Locky.yar"
 include "./malware/RANSOM_MS17-010_Wannacrypt.yar"
+include "./malware/RANSOM_Maze.yar"
 include "./malware/RANSOM_PetrWrap.yar"
 include "./malware/RANSOM_Petya.yar"
 include "./malware/RANSOM_SamSam.yar"
@@ -506,3 +434,16 @@ include "./malware/TOOLKIT_Pwdump.yar"
 include "./malware/TOOLKIT_THOR_HackTools.yar"
 include "./malware/TOOLKIT_Wineggdrop.yar"
 include "./malware/TOOLKIT_exe2hex_payload.yar"
+include "./packers/JJencode.yar"
+include "./packers/Javascript_exploit_and_obfuscation.yar"
+include "./packers/packer.yar"
+include "./packers/packer_compiler_signatures.yar"
+include "./packers/peid.yar"
+include "./webshells/WShell_APT_Laudanum.yar"
+include "./webshells/WShell_ASPXSpy.yar"
+include "./webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_PHP_Anuna.yar"
+include "./webshells/WShell_PHP_in_images.yar"
+include "./webshells/WShell_THOR_Webshells.yar"
+include "./webshells/Wshell_ChineseSpam.yar"
+include "./webshells/Wshell_fire2013.yar"
--- a/Malicious_Documents/Maldoc_APT10_MenuPass.yar
+++ b/Malicious_Documents/Maldoc_APT10_MenuPass.yar
--- a/Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar
+++ b/Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar
--- a/Malicious_Documents/Maldoc_APT_OLE_JSRat.yar
+++ b/Malicious_Documents/Maldoc_APT_OLE_JSRat.yar
--- a/Malicious_Documents/Maldoc_CVE-2017-0199.yar
+++ b/Malicious_Documents/Maldoc_CVE-2017-0199.yar
--- a/Malicious_Documents/Maldoc_CVE_2017_11882.yar
+++ b/Malicious_Documents/Maldoc_CVE_2017_11882.yar
--- a/Malicious_Documents/Maldoc_CVE_2017_8759.yar
+++ b/Malicious_Documents/Maldoc_CVE_2017_8759.yar
--- a/Malicious_Documents/Maldoc_Contains_VBE_File.yar
+++ b/Malicious_Documents/Maldoc_Contains_VBE_File.yar
--- a/Malicious_Documents/Maldoc_DDE.yar
+++ b/Malicious_Documents/Maldoc_DDE.yar
--- a/Malicious_Documents/Maldoc_Dridex.yar
+++ b/Malicious_Documents/Maldoc_Dridex.yar
--- a/Malicious_Documents/Maldoc_Hidden_PE_file.yar
+++ b/Malicious_Documents/Maldoc_Hidden_PE_file.yar
--- a/Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar
+++ b/Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar
--- a/Malicious_Documents/Maldoc_PDF.yar
+++ b/Malicious_Documents/Maldoc_PDF.yar
--- a/Malicious_Documents/Maldoc_PowerPointMouse.yar
+++ b/Malicious_Documents/Maldoc_PowerPointMouse.yar
--- a/Malicious_Documents/Maldoc_Suspicious_OLE_target.yar
+++ b/Malicious_Documents/Maldoc_Suspicious_OLE_target.yar
--- a/Malicious_Documents/Maldoc_UserForm.yar
+++ b/Malicious_Documents/Maldoc_UserForm.yar
--- a/Malicious_Documents/Maldoc_VBA_macro_code.yar
+++ b/Malicious_Documents/Maldoc_VBA_macro_code.yar
--- a/Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar
+++ b/Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar
--- a/Malicious_Documents/Maldoc_hancitor_dropper
+++ b/Malicious_Documents/Maldoc_hancitor_dropper
--- a/Malicious_Documents/Maldoc_malrtf_ole2link.yar
+++ b/Malicious_Documents/Maldoc_malrtf_ole2link.yar
--- a/Malicious_Documents/maldoc_somerules.yar
+++ b/Malicious_Documents/maldoc_somerules.yar
--- a/maldocs_index.yar
+++ b/maldocs_index.yar
+/*
+Generated by Yara-Rules
+On 08-01-2020
+*/
+include "./maldocs/Maldoc_APT10_MenuPass.yar"
+include "./maldocs/Maldoc_APT19_CVE-2017-1099.yar"
+include "./maldocs/Maldoc_APT_OLE_JSRat.yar"
+include "./maldocs/Maldoc_CVE-2017-0199.yar"
+include "./maldocs/Maldoc_CVE_2017_11882.yar"
+include "./maldocs/Maldoc_CVE_2017_8759.yar"
+include "./maldocs/Maldoc_Contains_VBE_File.yar"
+include "./maldocs/Maldoc_DDE.yar"
+include "./maldocs/Maldoc_Dridex.yar"
+include "./maldocs/Maldoc_Hidden_PE_file.yar"
+include "./maldocs/Maldoc_MIME_ActiveMime_b64.yar"
+include "./maldocs/Maldoc_PDF.yar"
+include "./maldocs/Maldoc_PowerPointMouse.yar"
+include "./maldocs/Maldoc_Suspicious_OLE_target.yar"
+include "./maldocs/Maldoc_UserForm.yar"
+include "./maldocs/Maldoc_VBA_macro_code.yar"
+include "./maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar"
+include "./maldocs/Maldoc_malrtf_ole2link.yar"
+include "./maldocs/maldoc_somerules.yar"
--- a/malware_index.yar
+++ b/malware_index.yar
 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
 include "./malware/000_common_rules.yar"
 include "./malware/APT_APT1.yar"
@@ -138,6 +138,7 @@ include "./malware/MALW_Exploit_UAC_Elevators.yar"
 include "./malware/MALW_Ezcob.yar"
 include "./malware/MALW_F0xy.yar"
 include "./malware/MALW_FALLCHILL.yar"
+include "./malware/MALW_FUDCrypt.yar"
 include "./malware/MALW_FakeM.yar"
 include "./malware/MALW_Fareit.yar"
 include "./malware/MALW_Favorite.yar"
@@ -174,6 +175,7 @@ include "./malware/MALW_LinuxMoose.yar"
 include "./malware/MALW_LostDoor.yar"
 include "./malware/MALW_LuaBot.yar"
 include "./malware/MALW_LuckyCat.yar"
+include "./malware/MALW_MSILStealer.yar"
 include "./malware/MALW_MacControl.yar"
 include "./malware/MALW_Madness.yar"
 include "./malware/MALW_Magento_backend.yar"
@@ -324,6 +326,7 @@ include "./malware/RANSOM_GPGQwerty.yar"
 include "./malware/RANSOM_GoldenEye.yar"
 include "./malware/RANSOM_Locky.yar"
 include "./malware/RANSOM_MS17-010_Wannacrypt.yar"
+include "./malware/RANSOM_Maze.yar"
 include "./malware/RANSOM_PetrWrap.yar"
 include "./malware/RANSOM_Petya.yar"
 include "./malware/RANSOM_SamSam.yar"