Commit f2a26d2a by mmorenog Committed by GitHub

Update APT_OPCleaver.yar

parent 8cba4d5a
...@@ -18,7 +18,7 @@ rule ZhoupinExploitCrew ...@@ -18,7 +18,7 @@ rule ZhoupinExploitCrew
1 of them 1 of them
} }
rule BackDoorLogger rule BackDoorLogger : Backdoor APT
{ {
meta: meta:
author = "Cylance" author = "Cylance"
...@@ -31,7 +31,7 @@ rule BackDoorLogger ...@@ -31,7 +31,7 @@ rule BackDoorLogger
all of them all of them
} }
rule Jasus rule Jasus : APT
{ {
meta: meta:
author = "Cylance" author = "Cylance"
...@@ -134,7 +134,7 @@ rule TinyZBot ...@@ -134,7 +134,7 @@ rule TinyZBot
($s1 and $s2) or ($s3 and $s4 and $s5) or ($s6 and $s7 and $s8) or ($s9) ($s1 and $s2) or ($s3 and $s4 and $s5) or ($s6 and $s7 and $s8) or ($s9)
} }
rule antivirusdetector rule antivirusdetector : antivirus
{ {
meta: meta:
author = "Cylance" author = "Cylance"
...@@ -175,7 +175,7 @@ rule kagent ...@@ -175,7 +175,7 @@ rule kagent
all of them all of them
} }
rule mimikatzWrapper rule mimikatzWrapper : Toolkit
{ {
meta: meta:
author = "Cylance" author = "Cylance"
...@@ -253,7 +253,7 @@ rule zhLookUp ...@@ -253,7 +253,7 @@ rule zhLookUp
all of them all of them
} }
rule zhmimikatz rule zhmimikatz : Toolkit
{ {
meta: meta:
author = "Cylance" author = "Cylance"
......
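Review bot: The tags added in these hunks are inconsistent in case and scope: `rule antivirusdetector : antivirus` is lowercase while the others are capitalised (`Backdoor APT`, `APT`, `Toolkit`), and YARA matches tags case-sensitively when a scan is filtered with `-t`. `mimikatzWrapper` and `zhmimikatz` get only `Toolkit`, so a scan filtered on the `APT` tag would skip them even though they sit in the same Operation Cleaver rule file; consider `rule mimikatzWrapper : Toolkit APT` and `rule zhmimikatz : Toolkit APT`. The `antivirus` tag also reads as if the rule identified security software, whereas the rule name suggests it flags a sample that probes for it, so something like `rule antivirusdetector : AntivirusDetection APT` would be clearer during triage. The rules named in the hunk headers (ZhoupinExploitCrew, TinyZBot, kagent, zhLookUp) appear to remain untagged, so the file would still be only partly filterable by tag; the rule bodies continue outside the visible hunks.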