feat: added another malware and update reference

malware_alina.yaml

@@ -4,10 +4,7 @@ info:
   name: Alina Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2014-08-09"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Alina.yar
   tags: malware,file
 
 file:

malware_andromeda.yaml

@@ -4,10 +4,7 @@ info:
   name: Andromeda Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2014-03-13"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Andromeda.yar
   tags: malware,file
 
 file:

malware_arkei.yaml

@@ -4,10 +4,7 @@ info:
   name: Arkei Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Fumik0_"
-    date: "2014-07-10"
-    hash: "5632c89fe4c7c2c87b69d787bbf0a5b4cc535f1aa02699792888c60e0ef88fc5"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Arkei.yar
   tags: malware,file
 
 file:

malware_backoff.yaml

@@ -4,10 +4,7 @@ info:
   name: Backoff Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2014-08-21"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Backoff.yar
   tags: malware,file
 
 file:

malware_blackworm.yaml

@@ -4,10 +4,7 @@ info:
   name: Blackworm Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2015-05-20"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_BlackWorm.yar
   tags: malware,file
 
 file:

malware_bublik.yaml

@@ -4,9 +4,7 @@ info:
   name: Bublik Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "29/09/2013"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Bublik.yar
   tags: malware,file
 
 file:

malware_cap_hookexkeylogger.yaml

@@ -0,0 +1,35 @@
+id: malware_cap_hookexkeylogger
+
+info:
+  name: CAP HookExKeylogger Malware Detector
+  author: daffainfo
+  severity: critical
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_CAP_HookExKeylogger.yar
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "SetWindowsHookEx"
+          - "WH_KEYBOARD_LL"
+        condition: and
+        case-insensitive: true
+
+      - type: word
+        words:
+          - "SetWindowsHookEx"
+          - "WH_KEYBOARD"
+        condition: and
+        case-insensitive: true
+
+      - type: word
+        words:
+          - "WH_KEYBOARD"
+          - "WH_KEYBOARD_LL"
+        condition: and
+        case-insensitive: true

malware_cxpid.yaml

@@ -4,6 +4,7 @@ info:
   name: Cxpid Malware Detector
   author: daffainfo
   severity: critical
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cxpid.yar
   tags: malware,file
 
 file:

malware_cythosia.yaml

@@ -4,10 +4,7 @@ info:
   name: Cythosia Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2015-03-21"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cythosia.yar
   tags: malware,file
 
 file:

malware_ddostf.yaml

@@ -4,9 +4,9 @@ info:
   name: DDoSTf Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "benkow_ - MalwareMustDie"
-  reference: http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html
+  reference:
+    - http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DDoSTf.yar
   tags: malware,file
 
 file:

malware_derkziel.yaml

@@ -4,10 +4,9 @@ info:
   name: Derkziel Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "The Malware Hunter"
-    date: "2015-11"
-  reference: https://bhf.su/threads/137898/
+  reference:
+    - https://bhf.su/threads/137898/
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Derkziel.yar
   tags: malware,file
 
 file:

malware_dexter.yaml

@@ -4,10 +4,9 @@ info:
   name: Dexter Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Florian Roth"
-    date: "2015/02/10"
-  reference: http://goo.gl/oBvy8b
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Dexter.yar
+    - http://goo.gl/oBvy8b
   tags: malware,file
 
 file:

malware_diamondfox.yaml

@@ -4,10 +4,7 @@ info:
   name: DiamondFox Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2015-08-22"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar
   tags: malware,file
 
 file:

malware_eicar.yaml

@@ -4,9 +4,7 @@ info:
   name: Eicar Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Marc Rivero | @seifreed"
-    hash: "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Eicar.yar
   tags: malware,file
 
 file:

malware_ezcob.yaml

@@ -4,9 +4,7 @@ info:
   name: Ezcob Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-23"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Ezcob.yar
   tags: malware,file
 
 file:

malware_fudcrypt.yaml

@@ -4,10 +4,9 @@ info:
   name: FUDCrypt Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://github.com/gigajew/FudCrypt/
-  metadata:
-    author_original: "https://github.com/hwvs"
-    date: "2019-11-21"
+  reference:
+    - https://github.com/gigajew/FudCrypt/
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_FUDCrypt.yar
   tags: malware,file
 
 file:

malware_gafgyt_bash.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-25"
-    MD5: "c8d58acfe524a09d4df7ffbe4a43c429"
-    SHA1: "b41fefa8470f3b3657594af18d2ea4f6ac4d567f"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_gafgyt_generic.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-01"
-    MD5: "e3fac853203c3f1692af0101eaad87f1"
-    SHA1: "710781e62d49419a3a73624f4a914b2ad1684c6a"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_gafgyt_hihi.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-01"
-    MD5: "cc99e8dd2067fd5702a4716164865c8a"
-    SHA1: "b9b316c1cc9f7a1bf8c70400861de08d95716e49"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_gafgyt_hoho.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-25"
-    MD5: "369c7c66224b343f624803d595aa1e09"
-    SHA1: "54519d2c124cb536ed0ddad5683440293d90934f"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_gafgyt_jackmy.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-25"
-    MD5: "419b8a10a3ac200e7e8a0c141b8abfba"
-    SHA1: "5433a5768c5d22dabc4d133c8a1d192d525939d5"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_gafgyt_oh.yaml

@@ -4,11 +4,7 @@ info:
   name: Gafgyt Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-05-25"
-    MD5: "97f5edac312de349495cb4afd119d2a5"
-    SHA1: "916a51f2139f11e8be6247418dca6c41591f4557"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
   tags: malware,file
 
 file:

malware_genome.yaml

@@ -4,10 +4,7 @@ info:
   name: Genome Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2014-09-07"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Genome.yar
   tags: malware,file
 
 file:

malware_glasses.yaml

@@ -4,11 +4,9 @@ info:
   name: Glasses Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2021-11-18"
-    SHA1: "aaf262fde1738dbf0bb50213a9624cd6705ebcaeb06c5fcaf7e9f33695d3fc33"
+  reference:
+    - https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar
   tags: malware,file
 
 file:

malware_gozi.yaml

@@ -4,9 +4,9 @@ info:
   name: Gozi Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
-  metadata:
-    author_original: "CCN-CERT"
+  reference:
+    - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gozi.yar
   tags: malware,file
 
 file:

malware_grozlex.yaml

@@ -4,10 +4,9 @@ info:
   name: Grozlex Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "20/08/2013"
+  reference:
+    - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Grozlex.yar
   tags: malware,file
 
 file:

malware_insta11.yaml

@@ -4,9 +4,7 @@ info:
   name: Insta11 Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-23"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Install11.yar
   tags: malware,file
 
 file:

malware_intel_virtualization.yaml

@@ -4,9 +4,7 @@ info:
   name: Intel Virtualization Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-23"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Intel_Virtualization.yar
   tags: malware,file
 
 file:

malware_iotreaper.yaml

@@ -4,9 +4,7 @@ info:
   name: IotReaper Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-23"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_IotReaper.yar
   tags: malware,file
 
 file:

malware_linux_aesddos.yaml

@@ -0,0 +1,34 @@
+id: malware_linux_aesddos
+
+info:
+  name: Linux AESDDOS Malware Detector
+  author: daffainfo
+  severity: critical
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "3AES"
+          - "Hacker"
+        condition: and
+
+      - type: word
+        words:
+          - "3AES"
+          - "VERSONEX"
+        condition: and
+
+      - type: word
+        words:
+          - "VERSONEX"
+          - "Hacker"
+        condition: and

malware_linux_billgates.yaml

@@ -0,0 +1,22 @@
+id: malware_linux_billgates
+
+info:
+  name: Linux BillGates Malware Detector
+  author: daffainfo
+  severity: critical
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3429
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "12CUpdateGates"
+          - "11CUpdateBill"
+        condition: and

malware_linux_elknot.yaml

@@ -0,0 +1,22 @@
+id: malware_linux_elknot
+
+info:
+  name: Linux Elknot Malware Detector
+  author: daffainfo
+  severity: critical
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "ZN8CUtility7DeCryptEPciPKci"
+          - "ZN13CThreadAttack5StartEP11CCmdMessage"
+        condition: and

malware_linux_mrblack.yaml

@@ -0,0 +1,22 @@
+id: malware_linux_mrblack
+
+info:
+  name: Linux MrBlack Malware Detector
+  author: daffainfo
+  severity: critical
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Mr.Black"
+          - "VERS0NEX:%s|%d|%d|%s"
+        condition: and

malware_linux_tsunami.yaml

@@ -0,0 +1,21 @@
+id: malware_linux_tsunami
+
+info:
+  name: Linux Tsunami Malware Detector
+  author: daffainfo
+  severity: critical
+  reference:
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+    - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: word
+        words:
+          - "PRIVMSG %s :[STD]Hitting %s"
+          - "NOTICE %s :TSUNAMI <target> <secs>"
+          - "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually."

malware_macgyver.yaml

@@ -4,11 +4,9 @@ info:
   name: MacGyver.cap Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
-  metadata:
-    author_original: "xylitol@temari.fr"
-    date: "2021-05-11"
-    hash1: "9dc70002e82c78ee34c813597925c6cf8aa8d68b7e9ce5bcc70ea9bcab9dbf4a"
+  reference:
+    - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
   tags: malware,file
 
 file:

malware_macgyver_installer.yaml

@@ -4,20 +4,9 @@ info:
   name: MacGyver.cap Installer Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
-  metadata:
-    author_original: "xylitol@temari.fr"
-    date: "2021-05-11"
-    hash1: "bb828eb0bbebabbcb51f490f4a0c08dd798b1f350dddddb6c00abcb6f750069f"
-    hash2: "04f0c9904675c7cf80ff1962bec5ef465ccf8c29e668f3158ec262414a6cc6eb"
-    hash3: "7335cd56a9ac08c200cca7e25b939e9c4ffa4d508207e68bee01904bf20a6528"
-    hash4: "af542ccb415647dbd80df902858a3d150a85f37992a35f29999eed76ac01a12b"
-    hash5: "247484124f4879bfacaae73ea32267e2c1e89773986df70a5f3456b1fb944c58"
-    hash6: "1cc8a2f3ce12f4b8356bda8b4aaf61d510d1078112af1c14cf4583090e062fbe"
-    hash7: "c23411deeec790e2dba37f4c49c7ecac3c867b7012431c9281ed748519eda65c"
-    hash8: "c0d11ed2eed0fef8d2f53920a1e12f667e03eafdb2d2941473d120e9e6f0e657"
-    hash9: "1ecfd3755eba578108363c0705c6ec205972080739ed0fbd17439f8139ba7e08" 
-    hash10: "87678c6dcf0065ffc487a284b9f79bd8c0815c5c621fc92f83df24393bfcc660"
+  reference:
+    - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
   tags: malware,file
 
 file:

malware_madness.yaml

@@ -4,10 +4,9 @@ info:
   name: Madness DDOS Malware Detector
   author: daffainfo
   severity: critical
-  reference: https://github.com/arbor/yara/blob/master/madness.yara
-  metadata:
-    author_original: "Jason Jones <jasonjones@arbor.net>"
-    date: "2014-01-15"
+  reference:
+    - https://github.com/arbor/yara/blob/master/madness.yara
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Madness.yar
   tags: malware,file
 
 file:

malware_miner.yaml

@@ -4,8 +4,7 @@ info:
   name: Miner Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Akamai CSIRT"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XMRIG_Miner.yar
   tags: malware,file
 
 file:

malware_miniasp3.yaml

@@ -0,0 +1,54 @@
+id: malware_miniasp3
+
+info:
+  name: MiniASP3 Malware Detector
+  author: daffainfo
+  severity: critical
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MiniAsp3_mem.yar
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "MiniAsp3\\Release\\MiniAsp.pdb"
+          - "http://%s/about.htm"
+          - "http://%s/result_%s.htm"
+          - "open internet failed…"
+        condition: and
+
+      - type: word
+        words:
+          - "MiniAsp3\\Release\\MiniAsp.pdb"
+          - "http://%s/about.htm"
+          - "http://%s/result_%s.htm"
+          - "run error!"
+        condition: and
+
+      - type: word
+        words:
+          - "MiniAsp3\\Release\\MiniAsp.pdb"
+          - "http://%s/about.htm"
+          - "http://%s/result_%s.htm"
+          - "run ok!"
+        condition: and
+
+      - type: word
+        words:
+          - "MiniAsp3\\Release\\MiniAsp.pdb"
+          - "http://%s/about.htm"
+          - "http://%s/result_%s.htm"
+          - "time out,change to mode 0"
+        condition: and
+
+      - type: word
+        words:
+          - "MiniAsp3\\Release\\MiniAsp.pdb"
+          - "http://%s/about.htm"
+          - "http://%s/result_%s.htm"
+          - "command is null!"
+        condition: and

malware_naikon.yaml

@@ -0,0 +1,30 @@
+id: malware_naikon
+
+info:
+  name: Naikon Malware Detector
+  author: daffainfo
+  severity: critical
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naikon.yar
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: or
+    matchers:
+      - type: binary
+        binary:
+          - "0FAFC1C1E01F"
+          - "355A010000"
+          - "81C27F140600"
+        condition: and
+
+      - type: word
+        words:
+          - "NOKIAN95/WEB"
+          - "/tag=info&id=15"
+          - "skg(3)=&3.2d_u1"
+          - "\\Temp\\iExplorer.exe"
+          - "\\Temp\\\"TSG\""
+        condition: or

malware_naspyupdate.yaml

@@ -0,0 +1,26 @@
+id: malware_naspyupdate
+
+info:
+  name: nAspyUpdate Malware Detector
+  author: daffainfo
+  severity: critical
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naspyupdate.yar
+  tags: malware,file
+
+file:
+  - extensions:
+      - all
+
+    matchers-condition: or
+    matchers:
+      - type: binary
+        binary:
+          - "8A5424148A0132C202C28801414E75F4"
+
+      - type: word
+        words:
+          - "\\httpclient.txt"
+          - "password <=14"
+          - "/%ldn.txt"
+          - "Kill You\x00"
+        condition: or

malware_notepad.yaml

@@ -4,10 +4,7 @@ info:
   name: Notepad v1.1 Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "RSA_IR"
-    date: "4Jun13"
-    MD5: "106E63DBDA3A76BEEB53A8BBD8F98927"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Notepad.yar
   tags: malware,file
 
 file:

malware_olyx.yaml

@@ -4,9 +4,7 @@ info:
   name: Olyx Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-19"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Olyx.yar
   tags: malware,file
 
 file:

malware_osx_leverage.yaml

@@ -4,9 +4,7 @@ info:
   name: OSX Leverage Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "earada@alienvault.com"
-    date: "2013/09"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_OSX_Leverage.yar
   tags: malware,file
 
 file:

malware_pony.yaml

@@ -4,10 +4,7 @@ info:
   name: Pony Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Brian Wallace @botnet_hunter"
-    author_original_email: "bwall@ballastsecurity.net"
-    date: "2014-08-16"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Pony.yar
   tags: malware,file
 
 file:

malware_pubsab.yaml

@@ -4,9 +4,7 @@ info:
   name: PubSab Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-19"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PubSab.yar
   tags: malware,file
 
 file:

malware_pypi.yaml

@@ -4,10 +4,9 @@ info:
   name: Fake PyPI Malware Detector
   author: daffainfo
   severity: critical
-  reference: http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
-  metadata:
-    author_original: "@bartblaze"
-    date: "2017-09"
+  reference:
+    - http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PyPI.yar
   tags: malware,file
 
 file:

malware_t5000.yaml

@@ -4,9 +4,7 @@ info:
   name: T5000 Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-06-26"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_T5000.yar
   tags: malware,file
 
 file:

malware_tedroo.yaml

@@ -4,9 +4,7 @@ info:
   name: Tedroo Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "22/11/2015"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Tedroo.yar
   tags: malware,file
 
 file:

malware_treasurehunt.yaml

@@ -4,10 +4,9 @@ info:
   name: Trickbot Malware Detector
   author: daffainfo
   severity: critical
-  reference: http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed
-  metadata:
-    author_original: "Minerva Labs"
-    date: "2016/06"
+  reference:
+    - http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed
+    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TreasureHunt.yar
   tags: malware,file
 
 file:

malware_trickbot.yaml

@@ -4,8 +4,7 @@ info:
   name: Trickbot Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Marc Salinas @Bondey_m"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TrickBot.yar
   tags: malware,file
 
 file:

malware_trumpbot.yaml

@@ -4,11 +4,7 @@ info:
   name: TrumpBot Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @joanbtl"
-    date: "2017-04-16"
-    MD5: "77122e0e6fcf18df9572d80c4eedd88d"
-    SHA1: "108ee460d4c11ea373b7bba92086dd8023c0654f"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Trumpbot.yar
   tags: malware,file
 
 file:

malware_universal_1337.yaml

@@ -4,9 +4,7 @@ info:
   name: Universal 1337 Stealer Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "24/02/2013"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Stealer.yar
   tags: malware,file
 
 file:

malware_urausy.yaml

@@ -4,8 +4,7 @@ info:
   name: Urausy Skype Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "AlienVault Labs"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Urausy.yar
   tags: malware,file
 
 file:

malware_wabot.yaml

@@ -4,9 +4,7 @@ info:
   name: Warp Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "14/08/2015"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Wabot.yar
   tags: malware,file
 
 file:

malware_warp.yaml

@@ -4,9 +4,7 @@ info:
   name: Warp Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-07-10"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Warp.yar
   tags: malware,file
 
 file:

malware_xhide.yaml

@@ -4,11 +4,7 @@ info:
   name: xHide Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Joan Soriano / @w0lfvan"
-    date: "2017-12-01"
-    MD5: "c644c04bce21dacdeb1e6c14c081e359"
-    SHA256: "59f5b21ef8a570c02453b5edb0e750a42a1382f6"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XHide.yar
   tags: malware,file
 
 file:

malware_xor_ddos.yaml

@@ -4,8 +4,7 @@ info:
   name: XOR_DDosv1 Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Akamai CSIRT"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XOR_DDos.yar
   tags: malware,file
 
 file:

malware_yayih.yaml

@@ -1,12 +1,10 @@
 id: malware_yayih
 
 info:
-  name: Glasses Malware Detector
+  name: Yayih Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Seth Hardy"
-    date: "2014-07-11"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Yayih.yar
   tags: malware,file
 
 file:

malware_zeghost.yaml

@@ -4,9 +4,7 @@ info:
   name: Zegost Malware Detector
   author: daffainfo
   severity: critical
-  metadata:
-    author_original: "Kevin Falcoz"
-    date: "10/06/2013"
+  reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Zegost.yar
   tags: malware,file
 
 file: