Update YARA_Rule_Bitter_Variant1_August_2019.txt

2019-08-27 14:28:04 +02:00 · 2019-08-27 14:28:04 +02:00 · 6dc189293f
commit 6dc189293f
parent 5eacdead31
1 changed files with 10 additions and 10 deletions
--- a/organization/Bitter/27-08-19/YARA_Rule_Bitter_Variant1_August_2019.txt
+++ b/organization/Bitter/27-08-19/YARA_Rule_Bitter_Variant1_August_2019.txt
@ -20,15 +20,15 @@ rule ArtraDownlaoder_bin_Variant1
    strings:
        $string1 = "bqqmjdbujpo0y.xxx.gpsn.vsmfodpefe"
-		$string2 = "=%s&st=%d"
+	$string2 = "=%s&st=%d"
        $string3 = "Content-length: %d"                                
        $string4 = "0I0N0V0\\0o0v0"
        $string5 = "ID=%s"
        $string6 = "QPTU"
-		$string7 = "lffq.bmjwf"
+	$string7 = "lffq.bmjwf"
-		$string8 = "Dpoofdujpo"
+	$string8 = "Dpoofdujpo"
-		$string9 = "Iptu;"
+	$string9 = "Iptu;"
-		$string10 = "IUUQ02/1"
+	$string10 = "IUUQ02/1"
    condition:
    uint16(0) == 0x5A4D and all of ($string*) and filesize < 100KB
@ -45,15 +45,15 @@ rule ArtraDownlaoder_mem_Variant1
    strings:
        $string1 = "bqqmjdbujpo0y.xxx.gpsn.vsmfodpefe"
-		$string2 = "=%s&st=%d"
+	$string2 = "=%s&st=%d"
        $string3 = "Content-length: %d"                                
        $string4 = "0I0N0V0\\0o0v0"
        $string5 = "ID=%s"
        $string6 = "QPTU"
-		$string7 = "lffq.bmjwf"
+	$string7 = "lffq.bmjwf"
-		$string8 = "Dpoofdujpo"
+	$string8 = "Dpoofdujpo"
-		$string9 = "Iptu;"
+	$string9 = "Iptu;"
-		$string10 = "IUUQ02/1"
+	$string10 = "IUUQ02/1"
    condition:
        all of ($string*) and filesize > 100KB