filename -fix

file/malware/aar-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-aar
+id: aar-malware
 
 info:
   name: AAR Malware - Detect

file/malware/adzok-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-adzok
+id: adzok-malware
 
 info:
   name: Adzok Malware - Detect
@@ -38,6 +38,7 @@ file:
         condition: and
 
       - type: word
+        part: raw
         words:
           - "config.xmlPK"
           - "key.classPK"
@@ -49,6 +50,7 @@ file:
         condition: and
 
       - type: word
+        part: raw
         words:
           - "config.xmlPK"
           - "key.classPK"

file/malware/alfa-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-alfa
+id: alfa-malware
 
 info:
   name: Alfa Malware - Detect

file/malware/alienspy-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-alienspy
+id: alienspy-malware
 
 info:
   name: AlienSpy Malware - Detect

file/malware/alina-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-alina
+id: alina-malware
 
 info:
   name: Alina Malware - Detect

file/malware/alpha-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-alpha
+id: alpha-malware
 
 info:
   name: Alpha Malware - Detect

file/malware/andromeda-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-andromeda
+id: andromeda-malware
 
 info:
   name: Andromeda Malware - Detect

file/malware/ap0calypse-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-ap0calypse
+id: ap0calypse-malware
 
 info:
   name: Ap0calypse Malware - Detect

file/malware/arcom-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-arcom
+id: arcom-malware
 
 info:
   name: Arcom Malware - Detect

file/malware/arkei-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-arkei
+id: arkei-malware
 
 info:
   name: Arkei Malware - Detect

file/malware/backoff-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-backoff
+id: backoff-malware
 
 info:
   name: Backoff Malware - Detect

file/malware/bandook-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-bandook
+id: bandook-malware
 
 info:
   name: Bandook Malware - Detect

file/malware/blacknix-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-blacknix
+id: blacknix-malware
 
 info:
   name: BlackNix Malware - Detect

file/malware/blackworm-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-blackworm
+id: blackworm-malware
 
 info:
   name: Blackworm Malware - Detect

file/malware/bluebanana-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-bluebanana
+id: bluebanana-malware
 
 info:
   name: BlueBanana Malware - Detect

file/malware/bozok-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-bozok
+id: bozok-malware
 
 info:
   name: Bozok Malware - Detect

file/malware/bublik-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-bublik
+id: bublik-malware
 
 info:
   name: Bublik Malware Detector

file/malware/cap-hookexkeylogger-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cap-hookexkeylogger
+id: cap-hookexkeylogger-malware
 
 info:
   name: CAP HookExKeylogger Malware - Detect

file/malware/cerberus-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cerberus
+id: cerberus-malware
 
 info:
   name: Cerberus Malware - Detect

file/malware/clientmesh-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-clientmesh
+id: clientmesh-malware
 
 info:
   name: ClientMesh Malware - Detect

file/malware/crimson-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-crimson
+id: crimson-malware
 
 info:
   name: Crimson Malware - Detect

file/malware/cryptxxx-dropper-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cryptxxx-dropper
+id: cryptxxx-dropper-malware
 
 info:
   name: CryptXXX Dropper Malware - Detect

file/malware/cryptxxx-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cryptxxx
+id: cryptxxx-malware
 
 info:
   name: CryptXXX Malware - Detect

file/malware/cxpid-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cxpid
+id: cxpid-malware
 
 info:
   name: Cxpid Malware - Detect

file/malware/cythosia-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-cythosia
+id: cythosia-malware
 
 info:
   name: Cythosia Malware - Detect

file/malware/darkrat-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-darkrat
+id: darkrat-malware
 
 info:
   name: DarkRAT Malware - Detect

file/malware/ddostf-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-ddostf
+id: ddostf-malware
 
 info:
   name: DDoSTf Malware - Detect
@@ -25,6 +25,6 @@ file:
 
       - type: binary
         binary:
-          - 'E8AEBEE7BDAE5443505F4B454550494E54564CE99499E8AFAFEFBC9A00' #TCP_KEEPINTVL
+          - 'E8AEBEE7BDAE5443505F4B454550494E54564CE99499E8AFAFEFBC9A00'
-          - 'E8AEBEE7BDAE5443505F4B454550434E54E99499E8AFAFEFBC9A00' #TCP_KEEPCNT
+          - 'E8AEBEE7BDAE5443505F4B454550434E54E99499E8AFAFEFBC9A00'
         condition: and

file/malware/derkziel-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-derkziel
+id: derkziel-malware
 
 info:
   name: Derkziel Malware - Detect

file/malware/dexter-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-dexter
+id: dexter-malware
 
 info:
   name: Dexter Malware - Detect

file/malware/diamondfox-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-diamondfox
+id: diamondfox-malware
 
 info:
   name: DiamondFox Malware - Detect

file/malware/dmalocker-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-dmalocker
+id: dmalocker-malware
 
 info:
   name: DMA Locker Malware - Detect

file/malware/doublepulsar-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-doublepulsar
+id: doublepulsar-malware
 
 info:
   name: DoublePulsar Malware - Detect
@@ -14,6 +14,6 @@ file:
     matchers:
       - type: binary
         binary:
-          - "FD0C8C5CB8C424C5CCCCCC0EE8CC246BCCCCCC0F24CDCCCCCC275C9775BACDCCCCC3FE" #xor
+          - "FD0C8C5CB8C424C5CCCCCC0EE8CC246BCCCCCC0F24CDCCCCCC275C9775BACDCCCCC3FE"
-          - "45208D938D928D918D90929391970F9F9E9D99844529844D20CCCDCCCC9B844503844514844549CC3333332477CCCCCC844549C43333332484CDCCCC844549DC333333844749CC333333844741" #dll
+          - "45208D938D928D918D90929391970F9F9E9D99844529844D20CCCDCCCC9B844503844514844549CC3333332477CCCCCC844549C43333332484CDCCCC844549DC333333844749CC333333844741"
         condition: or

file/malware/eicar-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-eicar
+id: eicar-malware
 
 info:
   name: Eicar Malware - Detect

file/malware/erebus-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-erebus
+id: erebus-malware
 
 info:
   name: Erebus Malware - Detect

file/malware/ezcob-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-ezcob
+id: ezcob-malware
 
 info:
   name: Ezcob Malware - Detect

file/malware/fudcrypt-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-fudcrypt
+id: fudcrypt-malware
 
 info:
   name: FUDCrypt Malware - Detect

file/malware/gafgyt-bash-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gafgyt-bash
+id: gafgyt-bash-malware
 
 info:
   name: Gafgyt Malware - Detect

file/malware/gafgyt-generic-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gafgyt-generic
+id: gafgyt-generic-malware
 
 info:
   name: Gafgyt Malware - Detect

file/malware/gafgyt-hihi-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gafgyt-hihi
+id: gafgyt-hihi-malware
 
 info:
   name: Gafgyt Malware - Detect

file/malware/gafgyt-hoho-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gafgyt-hoho
+id: gafgyt-hoho-malware
 
 info:
   name: Gafgyt Malware - Detect

file/malware/gafgyt-jackmy-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gafgyt-jackmy
+id: gafgyt-jackmy-malware
 
 info:
   name: Gafgyt Malware - Detect

file/malware/gafgyt-oh-malware.yaml

@@ -1,7 +1,7 @@
-id: malware-gafgyt-oh
+id: gafgyt-oh-malware
 
 info:
-  name: Gafgyt Malware - Detect
+  name: Gafgyt Oh Malware - Detect
   author: daffainfo
   severity: info
   reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar

file/malware/genome-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-genome
+id: genome-malware
 
 info:
   name: Genome Malware - Detect

file/malware/glass-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-glass
+id: glass-malware
 
 info:
   name: Glass Malware - Detect

file/malware/glasses-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-glasses
+id: glasses-malware
 
 info:
   name: Glasses Malware - Detect

file/malware/gozi-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gozi
+id: gozi-malware
 
 info:
   name: Gozi Malware - Detect

file/malware/gpgqwerty-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-gpgqwerty
+id: gpgqwerty-malware
 
 info:
   name: GPGQwerty Malware - Detect

file/malware/greame-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-greame
+id: greame-malware
 
 info:
   name: Greame Malware - Detect

file/malware/grozlex-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-grozlex
+id: grozlex-malware
 
 info:
   name: Grozlex Malware - Detect

file/malware/hawkeye-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-hawkeye
+id: hawkeye-malware
 
 info:
   name: HawkEye Malware - Detect

file/malware/imminent-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-imminent
+id: imminent-malware
 
 info:
   name: Imminent Malware - Detect

file/malware/infinity-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-infinity
+id: infinity-malware
 
 info:
   name: Infinity Malware - Detect

file/malware/insta11-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-insta11
+id: insta11-malware
 
 info:
   name: Insta11 Malware - Detect

file/malware/intel-virtualization-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-intel-virtualization
+id: intel-virtualization-malware
 
 info:
   name: Intel Virtualization Malware - Detect

file/malware/iotreaper-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-iotreaper
+id: iotreaper-malware
 
 info:
   name: IotReaper Malware - Detect

file/malware/linux-aesddos-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-linux-aesddos
+id: linux-aesddos-malware
 
 info:
   name: Linux AESDDOS Malware - Detect

file/malware/linux-billgates-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-linux-billgates
+id: linux-billgates-malware
 
 info:
   name: Linux BillGates Malware - Detect

file/malware/linux-elknot-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-linux-elknot
+id: linux-elknot-malware
 
 info:
   name: Linux Elknot Malware - Detect

file/malware/linux-mrblack-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-linux-mrblack
+id: linux-mrblack-malware
 
 info:
   name: Linux MrBlack Malware - Detect

file/malware/linux-tsunami-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-linux-tsunami
+id: linux-tsunami-malware
 
 info:
   name: Linux Tsunami Malware - Detect

file/malware/locky-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-locky
+id: locky-malware
 
 info:
   name: Locky Malware - Detect

file/malware/lostdoor-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-lostdoor
+id: lostdoor-malware
 
 info:
   name: LostDoor Malware - Detect

file/malware/luminositylink-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-luminositylink
+id: luminositylink-malware
 
 info:
   name: LuminosityLink Malware - Detect

file/malware/luxnet-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-luxnet
+id: luxnet-malware
 
 info:
   name: LuxNet Malware - Detect

file/malware/macgyver-installer-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-macgyver-installer
+id: macgyver-installer--malware
 
 info:
   name: MacGyver.cap Installer Malware - Detect

file/malware/macgyver-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-macgyver
+id: macgyver-malware
 
 info:
   name: MacGyver.cap Malware - Detect

file/malware/madness-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-madness
+id: madness-malware
 
 info:
   name: Madness DDOS Malware - Detect

file/malware/miner--malware.yaml

@@ -1,4 +1,4 @@
-id: malware-miner
+id: miner-malware
 
 info:
   name: Miner Malware - Detect

file/malware/miniasp3-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-miniasp3
+id: miniasp3-malware
 
 info:
   name: MiniASP3 Malware - Detect

file/malware/naikon-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-naikon
+id: naikon-malware
 
 info:
   name: Naikon Malware - Detect

file/malware/naspyupdate-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-naspyupdate
+id: naspyupdate-malware
 
 info:
   name: nAspyUpdate Malware - Detect

file/malware/notepad-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-notepad
+id: notepad-malware
 
 info:
   name: Notepad v1.1 Malware - Detect

file/malware/olyx-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-olyx
+id: olyx-malware
 
 info:
   name: Olyx Malware - Detect

file/malware/osx-leverage-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-osx-leverage
+id: osx-leverage-malware
 
 info:
   name: OSX Leverage Malware - Detect

file/malware/paradox-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-paradox
+id: paradox-malware
 
 info:
   name: Paradox Malware - Detect

file/malware/plasma-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-plasma
+id: plasma-malware
 
 info:
   name: Plasma Malware - Detect

file/malware/poetrat-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-poetrat
+id: poetrat-malware
 
 info:
   name: PoetRat Malware - Detect

file/malware/pony-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-pony
+id: pony-malware
 
 info:
   name: Pony Malware - Detect

file/malware/pubsab-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-pubsab
+id: pubsab-malware
 
 info:
   name: PubSab Malware - Detect

file/malware/punisher-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-punisher
+id: punisher-malware
 
 info:
   name: Punisher Malware - Detect

file/malware/pypi-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-pypi
+id: pypi-malware
 
 info:
   name: Fake PyPI Malware - Detect

file/malware/pythorat-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-pythorat
+id: pythorat-malware
 
 info:
   name: PythoRAT Malware - Detect

file/malware/qrat-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-qrat
+id: qrat-malware
 
 info:
   name: QRat Malware - Detect

file/malware/satana-dropper-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-satana-dropper
+id: satana-dropper-malware
 
 info:
   name: Satana Dropper Malware - Detect

file/malware/satana-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-satana
+id: satana-malware
 
 info:
   name: Satana Malware - Detect

file/malware/shimrat-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-shimrat
+id: shimrat-malware
 
 info:
   name: ShimRat Malware - Detect

file/malware/shimratreporter-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-shimratreporter
+id: shimratreporter-malware
 
 info:
   name: ShimRatReporter Malware - Detect

file/malware/sigma-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-sigma
+id: sigma-malware
 
 info:
   name: Sigma Malware - Detect

file/malware/smallnet-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-smallnet
+id: smallnet-malware
 
 info:
   name: SmallNet Malware - Detect

file/malware/snake-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-snake
+id: snake-malware
 
 info:
   name: Snake Malware - Detect

file/malware/sub7nation-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-sub7nation
+id: sub7nation-malware
 
 info:
   name: Sub7Nation Malware - Detect

file/malware/t5000-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-t5000
+id: t5000-malware
 
 info:
   name: T5000 Malware - Detect

file/malware/tedroo-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-tedroo
+id: tedroo-malware
 
 info:
   name: Tedroo Malware - Detect

file/malware/terminator-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-terminator
+id: terminator-malware
 
 info:
   name: Terminator Malware - Detect

file/malware/teslacrypt-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-teslacrypt
+id: teslacrypt-malware
 
 info:
   name: TeslaCrypt Malware - Detect

file/malware/tox-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-tox
+id: tox-malware
 
 info:
   name: Tox Malware - Detect

file/malware/treasurehunt-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-treasurehunt
+id: treasurehunt-malware
 
 info:
   name: Trickbot Malware - Detect

file/malware/trickbot-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-trickbot
+id: trickbot-malware
 
 info:
   name: Trickbot Malware - Detect

file/malware/trumpbot-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-trumpbot
+id: trumpbot-malware
 
 info:
   name: TrumpBot Malware - Detect

file/malware/universal-1337-malware.yaml

@@ -1,4 +1,4 @@
-id: malware-universal-1337
+id: universal-1337-malware
 
 info:
   name: Universal 1337 Stealer Malware - Detect