Revert a broken/wip commit

author: jvoisin 2016-01-04 18:09:53 +0100
committer: jvoisin 2016-01-04 18:09:53 +0100
commit: 1c6cf5f703c3ddeafa43237150f750d4b4ca6a1f (patch)
tree: aa86b9108d4be65f7777377587d81592e6063c74 /malwares.yara
parent: e6c04caba89f6915c84b247990382461851e08f3 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/malwares.yara b/malwares.yara
index ee6ea07..c3679b2 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -199,6 +199,7 @@ rule DodgyStrings
        $ = "ps -aux" fullword
        $ = "b374k" fullword
        $ = /(reverse|web)\s*shell/ nocase
+        $ = /\t{16,}?/
        $vbs = /language\s*=\s*vbscript/ nocase
        $asp = "scripting.filesystemobject" nocase
author	jvoisin	2016-01-04 18:09:53 +0100
committer	jvoisin	2016-01-04 18:09:53 +0100
commit	1c6cf5f703c3ddeafa43237150f750d4b4ca6a1f (patch)
tree	aa86b9108d4be65f7777377587d81592e6063c74 /malwares.yara
parent	e6c04caba89f6915c84b247990382461851e08f3 (diff)

diff --git a/malwares.yara b/malwares.yara index ee6ea07..c3679b2 100644 --- a/malwares.yara +++ b/malwares.yara
@@ -199,6 +199,7 @@ rule DodgyStrings
199	$ = "ps -aux" fullword	199	$ = "ps -aux" fullword
200	$ = "b374k" fullword	200	$ = "b374k" fullword
201	$ = /(reverse\|web)\s*shell/ nocase	201	$ = /(reverse\|web)\s*shell/ nocase
		202	$ = /\t{16,}?/
202		203
203	$vbs = /language\s=\svbscript/ nocase	204	$vbs = /language\s=\svbscript/ nocase
204	$asp = "scripting.filesystemobject" nocase	205	$asp = "scripting.filesystemobject" nocase