Update and rename APT_passthehashtoolkit.yar to Tool_passthehashtoolkit.yar

malware/APT_passthehashtoolkit.yar → malware/Tool_passthehashtoolkit.yar

@@ -2,7 +2,7 @@
     This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.
 
 */
-rule whosthere_alt {
+rule whosthere_alt : Toolkit {
 	meta:
 		description = "Auto-generated rule - file whosthere-alt.exe"
 		author = "Florian Roth"
@@ -23,7 +23,7 @@ rule whosthere_alt {
 		uint16(0) == 0x5a4d and filesize < 280KB and 2 of them
 }
 
-rule iam_alt_iam_alt {
+rule iam_alt_iam_alt : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file iam-alt.exe"
 		author = "Florian Roth"
@@ -44,7 +44,7 @@ rule iam_alt_iam_alt {
 		uint16(0) == 0x5a4d and filesize < 240KB and 2 of them
 }
 
-rule genhash_genhash {
+rule genhash_genhash : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file genhash.exe"
 		author = "Florian Roth"
@@ -62,7 +62,7 @@ rule genhash_genhash {
 		uint16(0) == 0x5a4d and filesize < 200KB and 2 of them
 }
 
-rule iam_iamdll {
+rule iam_iamdll : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file iamdll.dll"
 		author = "Florian Roth"
@@ -78,7 +78,7 @@ rule iam_iamdll {
 		uint16(0) == 0x5a4d and filesize < 115KB and all of them
 }
 
-rule iam_iam {
+rule iam_iam : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file iam.exe"
 		author = "Florian Roth"
@@ -98,7 +98,7 @@ rule iam_iam {
 		uint16(0) == 0x5a4d and filesize < 300KB and all of them
 }
 
-rule whosthere_alt_pth {
+rule whosthere_alt_pth : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file pth.dll"
 		author = "Florian Roth"
@@ -116,7 +116,7 @@ rule whosthere_alt_pth {
 		uint16(0) == 0x5a4d and filesize < 240KB and 4 of them
 }
 
-rule whosthere {
+rule whosthere : Toolkit  {
 	meta:
 		description = "Auto-generated rule - file whosthere.exe"
 		author = "Florian Roth"