Update APT_OPCleaver.yar

f2a26d2a · mmorenog · GitHub · 8cba4d5a · f2a26d2a
Commit f2a26d2a authored Jul 20, 2016 by mmorenog Committed by GitHub Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

APT_OPCleaver.yar malware/APT_OPCleaver.yar +5 -5

No files found.
--- a/malware/APT_OPCleaver.yar
+++ b/malware/APT_OPCleaver.yar
@@ -18,7 +18,7 @@ rule ZhoupinExploitCrew
  	1 of them
 }

-rule BackDoorLogger
+rule BackDoorLogger : Backdoor APT
 {
  meta:
    author = "Cylance"
@@ -31,7 +31,7 @@ rule BackDoorLogger
    all of them
 }

-rule Jasus
+rule Jasus : APT 
 {
  meta:
    author = "Cylance"
@@ -134,7 +134,7 @@ rule TinyZBot
    ($s1 and $s2) or ($s3 and $s4 and $s5) or ($s6 and $s7 and $s8) or ($s9)
 }

-rule antivirusdetector
+rule antivirusdetector : antivirus
 {
  meta:
    author = "Cylance"
@@ -175,7 +175,7 @@ rule kagent
    all of them
 }

-rule mimikatzWrapper
+rule mimikatzWrapper : Toolkit
 {
  meta:
    author = "Cylance"
@@ -253,7 +253,7 @@ rule zhLookUp
    all of them
 }

-rule zhmimikatz
+rule zhmimikatz : Toolkit
 {
  meta:
    author = "Cylance"