From 5fb5a6230bc8baeb292a603751959d6117c8f267 Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Thu, 14 May 2020 23:49:37 +0200
Subject: [PATCH] Update and rename Lazarus_ELF_RAT_Dacls_May_2020_1.yar to Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar
---
 ...ay_2020_1.yar => Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename North Korea/APT/Lazarus/2020-05-05/Yara/{Lazarus_ELF_RAT_Dacls_May_2020_1.yar => Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar} (90%)
diff --git a/North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ELF_RAT_Dacls_May_2020_1.yar b/North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar
similarity index 90%
rename from North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ELF_RAT_Dacls_May_2020_1.yar
rename to North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar
index 947b1e8..838a2e0 100644
--- a/North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ELF_RAT_Dacls_May_2020_1.yar
+++ b/North Korea/APT/Lazarus/2020-05-05/Yara/Lazarus_ MACH-O_RAT_Dacls_May_2020_1.yar
@@ -1,6 +1,6 @@
-rule Lazarus_ELF_Dacls_May_2020_1 {
+rule Lazarus_MACH-O_Dacls_May_2020_1 {
 meta:
- description = "Detect ELF RAT Dacls by the strings (May 2020)"
+ description = "Detect MACH-O RAT Dacls by the strings (May 2020)"
 author = "Arkbird_SOLG"
 reference = "https://twitter.com/philofishal/status/1257669351899086849"
 date = "2020-05-10"
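Review bot: The new rule identifier `Lazarus_MACH-O_Dacls_May_2020_1` contains a hyphen, and YARA identifiers accept only letters, digits and underscores, so the rule will fail to compile and any scanner loading this file gets no detection from it. Rename it on the added `rule` line, for example `rule Lazarus_MACHO_Dacls_May_2020_1 {`. The renamed file path also carries a space after `Lazarus_`, which looks unintentional and tends to break unquoted globbing in rule-loading scripts. The rule's strings and condition lie outside this hunk; if the condition still gates on the ELF magic, it should be switched to the Mach-O magic values so the rule matches what the new description claims.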