Added new YARA rules.

2026-06-08 17:57:13 +00:00 · 2023-06-07 16:00:01 +02:00
parent d4a62b8538
commit 3b3f799988
1 changed files with 4 additions and 2 deletions
@@ -1,3 +1,5 @@
+import "elf"
+
 rule Linux_Virus_Vit : tc_detection malicious
 {
    meta:
@@ -30,5 +32,5 @@ rule Linux_Virus_Vit : tc_detection malicious
      $vit_str = "vi324.tmp"

    condition:
-        uint32(0) == 0x464C457F and all of them
-}
+        uint32(0) == 0x464C457F and $vit_entry_point at elf.entry_point and $vit_str
+}