From 0075067885f01e27567ba349be99d1bad843efe9 Mon Sep 17 00:00:00 2001
From: mmorenog
Date: Wed, 20 Jul 2016 12:41:10 +0200
Subject: [PATCH] Update and rename Blackhole_EK.yar to EK_Blackhole.yar
---
.../{Blackhole_EK.yar => EK_Blackhole.yar} | 30 +++++++++----------
1 file changed, 15 insertions(+), 15 deletions(-)
rename Exploit-Kits/{Blackhole_EK.yar => EK_Blackhole.yar} (97%)
diff --git a/Exploit-Kits/Blackhole_EK.yar b/Exploit-Kits/EK_Blackhole.yar
similarity index 97%
rename from Exploit-Kits/Blackhole_EK.yar
rename to Exploit-Kits/EK_Blackhole.yar
index 5e0ffcff..9843ef47 100644
--- a/Exploit-Kits/Blackhole_EK.yar
+++ b/Exploit-Kits/EK_Blackhole.yar
@@ -2,7 +2,7 @@ This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license. */
-rule blackhole2_jar
+rule blackhole2_jar : EK
{ meta: author = "Josh Berry"
@@ -29,7 +29,7 @@ strings: condition: 13 of them }
-rule blackhole2_jar2
+rule blackhole2_jar2 : EK
{ meta: author = "Josh Berry"
@@ -55,7 +55,7 @@ strings: condition: 12 of them }
-rule blackhole2_jar3
+rule blackhole2_jar3 : EK
{ meta: author = "Josh Berry"
@@ -81,7 +81,7 @@ strings: condition: 12 of them }
-rule blackhole2_pdf
+rule blackhole2_pdf : EK PDF
{ meta: author = "Josh Berry"
@@ -113,7 +113,7 @@ strings: condition: 18 of them }
-rule blackhole_basic : exploit_kit
+rule blackhole_basic : EK
{ strings: $a = /\.php\?\.*\?\:[a-zA-Z0-9\:]{6,}\&\.*\?\&/
@@ -146,7 +146,7 @@ strings: condition: 12 of them }
-rule blackhole2_css
+rule blackhole2_css : EK
{ meta: author = "Josh Berry"
@@ -168,7 +168,7 @@ strings: condition: 18 of them }
-rule blackhole2_htm
+rule blackhole2_htm : EK
{ meta: author = "Josh Berry"
@@ -204,7 +204,7 @@ strings: condition: 14 of them }
-rule blackhole2_htm10
+rule blackhole2_htm10 : EK
{ meta: author = "Josh Berry"
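Review bot: In the `blackhole_basic` hunk the existing `exploit_kit` tag is replaced by `EK` rather than extended, so any scan job or pipeline that selects rules by tag (for example `yara -t exploit_kit`) would silently stop running this rule after the update. If consumers may still filter on the old tag, keeping both during a transition costs nothing: `rule blackhole_basic : EK exploit_kit`. The visible context also shows this rule going straight from `{` to `strings:` with no `meta:` section, unlike the other rules touched here, so adding `author` and `description` fields would make hits easier to triage. The rule body continues outside the hunk, so the condition could not be checked.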
@@ -241,7 +241,7 @@ strings: condition: 15 of them }
-rule blackhole2_htm11
+rule blackhole2_htm11 : EK
{ meta: author = "Josh Berry"
@@ -274,7 +274,7 @@ strings: condition: 11 of them }
-rule blackhole2_htm12
+rule blackhole2_htm12 : EK
{ meta: author = "Josh Berry"
@@ -310,7 +310,7 @@ strings: condition: 14 of them }
-rule blackhole2_htm3
+rule blackhole2_htm3 : EK
{ meta: author = "Josh Berry"
@@ -329,7 +329,7 @@ strings: condition: 3 of them }
-rule blackhole2_htm4
+rule blackhole2_htm4 : EK
{ meta: author = "Josh Berry"
@@ -359,7 +359,7 @@ strings: condition: 8 of them }
-rule blackhole2_htm5
+rule blackhole2_htm5 : EK
{ meta: author = "Josh Berry"
@@ -393,7 +393,7 @@ strings: condition: 12 of them }
-rule blackhole2_htm6
+rule blackhole2_htm6 : EK
{ meta: author = "Josh Berry"
@@ -423,7 +423,7 @@ strings: condition: 8 of them }
-rule blackhole2_htm8
+rule blackhole2_htm8 : EK
{ meta: author = "Josh Berry"