From 3b3f7999884bcbb3f524e020ac8854e4b1ef406e Mon Sep 17 00:00:00 2001
From: Threat Analyst
Date: Wed, 7 Jun 2023 16:00:01 +0200
Subject: [PATCH] Added new YARA rules.
---
 yara/virus/Linux.Virus.Vit.yara | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/yara/virus/Linux.Virus.Vit.yara b/yara/virus/Linux.Virus.Vit.yara
index 8bd68e1..eb31c5d 100644
--- a/yara/virus/Linux.Virus.Vit.yara
+++ b/yara/virus/Linux.Virus.Vit.yara
@@ -1,3 +1,5 @@
+import "elf"
+
 rule Linux_Virus_Vit : tc_detection malicious
 {
 meta:
@@ -30,5 +32,5 @@ rule Linux_Virus_Vit : tc_detection malicious
 $vit_str = "vi324.tmp"

 condition:
- uint32(0) == 0x464C457F and all of them
-}
+ uint32(0) == 0x464C457F and $vit_entry_point at elf.entry_point and $vit_str
+}
\ No newline at end of file
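Review bot: The tightened condition in the second hunk, `$vit_entry_point at elf.entry_point and $vit_str`, trades coverage for precision, and nothing in the rule records that trade-off. `elf.entry_point` is a file offset when scanning files and a virtual address when scanning process memory, and when the module cannot resolve it the value is undefined, which makes the `at` test false; a truncated or carved sample whose headers do not parse could then stop matching even though the old `all of them` would have matched it. I would put a comment above the condition such as `// code pattern must sit at the ELF entry point; samples with unparseable headers will not match`. Also confirm that the strings section, which lies outside the hunk, defines only `$vit_entry_point` and `$vit_str`, since YARA rejects a rule containing a string the condition never references.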