From c6c99501894f73c852f5cd9c13ce44c6f4a025e2 Mon Sep 17 00:00:00 2001 
From: kse Date: Thu, 19 Dec 2024 10:35:08 +0100 Subject: [PATCH] Add the DRL License to the Community repo + remove the 'sekoiaio_' prefix from YARA rules --- LICENSE | 17 +++++++++++ ...okrat_macho.yar => apt37_rokrat_macho.yar} | 2 +- ...pt_37_chinotto.yar => apt_37_chinotto.yar} | 2 +- ...tealer.yar => apt_3cx_payload_stealer.yar} | 2 +- ...rings.yar => apt_agent_racoon_strings.yar} | 2 +- ...s.yar => apt_andariel_dorarat_strings.yar} | 2 +- ...yar => apt_andariel_keylogger_strings.yar} | 2 +- ...pt_andariel_nestdoor_variants_strings.yar} | 2 +- ...nablue.yar => apt_andariel_siennablue.yar} | 2 +- ...ui_loader.yar => apt_apt10_hui_loader.yar} | 2 +- ...> apt_apt28_document_phishing_webpage.yar} | 2 +- ...ggling.yar => apt_apt28_htmlsmuggling.yar} | 2 +- ...apt_apt28_htmlsmuggling_disclosing_ip.yar} | 2 +- ... => apt_apt28_powershell_ntlm_stealer.yar} | 2 +- ...=> apt_apt28_susp_graphite_downloader.yar} | 2 +- ...yar => apt_apt28_ukrnet_phishing_page.yar} | 2 +- ...=> apt_apt28_wayzgoose_exploit_string.yar} | 2 +- ...e.yar => apt_apt29_malicious_rdp_file.yar} | 2 +- ...uarterrig.yar => apt_apt29_quarterrig.yar} | 2 +- ...=> apt_apt29_wineloader_malicious_hta.yar} | 2 +- ...=> apt_apt29_wineloader_malicious_pdf.yar} | 2 +- ...pt31_pakdoor.yar => apt_apt31_pakdoor.yar} | 2 +- ...pt31_rekoobe.yar => apt_apt31_rekoobe.yar} | 2 +- ..._falsefont.yar => apt_apt33_falsefont.yar} | 2 +- ...pt33_tickler.yar => apt_apt33_tickler.yar} | 2 +- ...ings.yar => apt_apt35_iisraid_strings.yar} | 2 +- ...apt_apt37_chinotto_powershell_variant.yar} | 2 +- ...e.yar => apt_apt37_malicious_hta_file.yar} | 2 +- ...r.yar => apt_apt41_javascript_dropper.yar} | 2 +- ...pper.yar => apt_apt41_keyplug_dropper.yar} | 2 +- ...pt_apt41_powershell_collection_script.yar} | 2 +- ..._apt41_powershell_exfiltration_script.yar} | 2 +- ...door.yar => apt_apt_k_47_orpcbackdoor.yar} | 2 +- ...shell.yar => apt_apt_k_47_walkershell.yar} | 2 +- ...s_maldoc.yar => apt_aptc36_vbs_maldoc.yar} | 2 +- ....yar => 
apt_aptc60_downloader_strings.yar} | 2 +- ...yncshell.yar => apt_aptk47_asyncshell.yar} | 2 +- ...ouslnk.yar => apt_aptk47_maliciouslnk.yar} | 2 +- ...ker.yar => apt_aridviper_rustsysjoker.yar} | 2 +- ...ordiplomaty_custommerlinagent_strings.yar} | 2 +- ...r => apt_backdoordiplomaty_phantomnet.yar} | 2 +- ...=> apt_badmagic_commonmagic_generic_1.yar} | 2 +- ...=> apt_badmagic_commonmagic_generic_2.yar} | 2 +- ....yar => apt_badmagic_commonmagic_main.yar} | 2 +- ...admagic_commonmagic_screenshot_module.yar} | 2 +- ...> apt_badmagic_commonmagic_usbstealer.yar} | 2 +- ...yar => apt_badmagic_generic_pshscript.yar} | 2 +- ... => apt_badmagic_installpzz_pshscript.yar} | 2 +- ... apt_badmagic_ld_dll_loader_pshscript.yar} | 2 +- ...r => apt_badmagic_listfiles_pshscript.yar} | 2 +- ...lnk.yar => apt_badmagic_malicious_lnk.yar} | 2 +- ...c_modules.yar => apt_badmagic_modules.yar} | 2 +- ...pt.yar => apt_badmagic_reco_pshscript.yar} | 2 +- ... => apt_badmagic_startngrok_pshscript.yar} | 2 +- ... apt_badmagic_startrevsocks_pshscript.yar} | 2 +- ...in.yar => apt_blackwood_nspx30_plugin.yar} | 2 +- ...e_strings.yar => apt_boldmove_strings.yar} | 2 +- ...ap_maldocx.yar => apt_buhtrap_maldocx.yar} | 2 +- ....yar => apt_cerana_keeper_dropboxflop.yar} | 2 +- ...k0130.yar => apt_cerana_keeper_yk0130.yar} | 2 +- ...t_cloudatlas_init_module_virtualalloc.yar} | 2 +- ...r => apt_cloudatlas_powershower_clean.yar} | 2 +- ... => apt_cloudatlas_powershower_module.yar} | 2 +- ...apt_cloudatlas_powershower_obfuscated.yar} | 2 +- ...=> apt_cloudatlas_powershower_variant.yar} | 2 +- ...nel.yar => apt_cloudatlas_powertunnel.yar} | 2 +- ... 
=> apt_cloudatlas_powertunnel_loader.yar} | 2 +- ...loudatlas_rtf_shellcode_cve_2018_0798.yar} | 2 +- ...cloudatlas_stagescalldllmainafterexec.yar} | 2 +- ...=> apt_cloudmensis_downloader_strings.yar} | 2 +- ...r => apt_cloudmensis_spyagent_strings.yar} | 2 +- ...r_beacon.yar => apt_coathanger_beacon.yar} | 2 +- ...ger_files.yar => apt_coathanger_files.yar} | 2 +- ...ar => apt_cottonsandstorm_win_implant.yar} | 2 +- ...db_path.yar => apt_dark_pink_pdb_path.yar} | 2 +- ...r => apt_darkpink_kamikakabot_strings.yar} | 2 +- ...apt_darkpink_loader_decryptionroutine.yar} | 2 +- ...ink_sample.yar => apt_darkpink_sample.yar} | 2 +- ...yar => apt_emberbear_credpump_strings.yar} | 2 +- ...emissarypanda_sysupdate_removing_tool.yar} | 2 +- ...pt_emissarypanda_web_auto_attack_tool.yar} | 2 +- ...sive_panda_downloader_certificate_exe.yar} | 2 +- ...l.yar => apt_evasive_panda_rphost_dll.yar} | 2 +- ....yar => apt_flightnight_malicious_lnk.yar} | 2 +- ..._gamaredon_ddrdoh_powershell_backdoor.yar} | 2 +- ...> apt_gamaredon_ddrdoh_vbs_downloader.yar} | 2 +- ...t_gamaredon_ddrdoh_vbs_downloader_vbs.yar} | 2 +- ...> apt_gamaredon_doc_external_template.yar} | 2 +- ...ar => apt_gamaredon_flash_infostealer.yar} | 2 +- ..._gamaredon_gamaredon_lnk_usb_spreader.yar} | 2 +- ...on_gamaredon_lnk_usb_spreader_encoded.yar} | 2 +- ... apt_gamaredon_gammaload_malicioushta.yar} | 2 +- ... 
apt_gamaredon_gammaload_maliciouslnk.yar} | 2 +- ...apt_gamaredon_getlogicaldrive_hunting.yar} | 2 +- ...r => apt_gamaredon_htmlsmuggling_2024.yar} | 2 +- ...pt_gamaredon_htmlsmuggling_attachment.yar} | 2 +- ...redon_htmlsmuggling_attachment_stage2.yar} | 2 +- ...amaredon_lnk.yar => apt_gamaredon_lnk.yar} | 2 +- ...der.yar => apt_gamaredon_lnk_spreader.yar} | 2 +- ...> apt_gamaredon_lnks_farl139_hostname.yar} | 2 +- ...ll.yar => apt_gamaredon_powerrevshell.yar} | 2 +- ...> apt_gamaredon_stealer_obfuscation_1.yar} | 2 +- ...> apt_gamaredon_stealer_obfuscation_2.yar} | 2 +- ...paws.yar => apt_gamaredon_subtle_paws.yar} | 2 +- ...r.yar => apt_gamaredon_vbs_downloader.yar} | 2 +- ...ar => apt_gelsemium_firewood_backdoor.yar} | 2 +- ...r => apt_gelsemium_wolfsbane_backdoor.yar} | 2 +- ...r => apt_gelsemium_wolfsbane_launcher.yar} | 2 +- ...ar => apt_gelsemium_wolfsbane_rootkit.yar} | 2 +- ..._globalshadow.yar => apt_globalshadow.yar} | 2 +- ...iaio_apt_gobrat_2.yar => apt_gobrat_2.yar} | 2 +- ..._granitetyphoon_pingpulllinux_strings.yar} | 2 +- ... 
apt_granitetyphoon_sword2023_strings.yar} | 2 +- ...icecache.yar => apt_icepeony_icecache.yar} | 2 +- ...iceevent.yar => apt_icepeony_iceevent.yar} | 2 +- ...implant_xdealer_linux_variant_strings.yar} | 2 +- ...> apt_implant_xdealer_stealer_strings.yar} | 2 +- ...gs.yar => apt_implant_xdealer_strings.yar} | 2 +- ..._implant_xdealer_vbs_launcher_strings.yar} | 2 +- ...mplant.yar => apt_ir_sugarush_implant.yar} | 2 +- ...loader.yar => apt_ivanti_krustyloader.yar} | 2 +- ...imsuky_fpspy.yar => apt_kimsuky_fpspy.yar} | 2 +- ...ky_klogexe.yar => apt_kimsuky_klogexe.yar} | 2 +- ...=> apt_kimsuky_malicious_gotopwsh_lnk.yar} | 2 +- ..._vba.yar => apt_kimsuky_malicious_vba.yar} | 2 +- ...ershell.yar => apt_kimsuky_powershell.yar} | 2 +- ...pt_kimsuky_powershell_dropper_strings.yar} | 2 +- ...harpext_compromised_securepreferences.yar} | 2 +- ...> apt_kimsuky_sharpext_devps1_strings.yar} | 2 +- ...imsuky_sharpext_devtoolmodule_strings.yar} | 2 +- ... apt_kimsuky_sharpext_jsexfil_strings.yar} | 2 +- ... => apt_kimsuky_sharptongue_c2_source.yar} | 2 +- ...ar => apt_kimsuky_sharptongue_strings.yar} | 2 +- ...msuky_sharptongue_vbslauncher_strings.yar} | 2 +- ...> apt_kimsuky_toddlershark_obfuscated.yar} | 2 +- ...r => apt_kimsuky_toddlershark_strings.yar} | 2 +- ....yar => apt_kimsuky_validator_strings.yar} | 2 +- ...pt_kimsuky_vbs.yar => apt_kimsuky_vbs.yar} | 2 +- ...apt_kimsuky_vbs_powershell_downloader.yar} | 2 +- .../{sekoiaio_apt_konni.yar => apt_konni.yar} | 2 +- ..._check_bat.yar => apt_konni_check_bat.yar} | 2 +- ...onni_dropper.yar => apt_konni_dropper.yar} | 2 +- ...b.yar => apt_lazarus_backdoored_jslib.yar} | 2 +- ...i.yar => apt_lazarus_blindingcan_rtti.yar} | 2 +- ... 
=> apt_lazarus_dangerouspassword_lnk.yar} | 2 +- ...comms.yar => apt_lazarus_dll_c2_comms.yar} | 2 +- ...r.yar => apt_lazarus_gopuram_backdoor.yar} | 2 +- ...yar => apt_lazarus_lambload_timecheck.yar} | 2 +- ...us_pondrat.yar => apt_lazarus_pondrat.yar} | 2 +- ...apt_lazarus_vhd_ransomware_downloader.yar} | 2 +- ... => apt_lazarus_vhd_ransomware_loader.yar} | 2 +- ...pt_luckymouse_compromised_electronapp.yar} | 2 +- ....yar => apt_luckymouse_rshell_strings.yar} | 2 +- ...uckymouse_rshell_strings_all_platform.yar} | 2 +- ...pt_luckymouse_sysupdate_removing_tool.yar} | 2 +- ...ocoproxy.yar => apt_malware_pocoproxy.yar} | 2 +- ...r => apt_menupass_maliciouslibvlc_dll.yar} | 2 +- ...> apt_micdown_encrypted_configuration.yar} | 2 +- ...apt_muddywater_manifestation_backdoor.yar} | 2 +- ...ter_manifestation_backdoor_obfuscated.yar} | 2 +- ...agent.yar => apt_muddywater_moriagent.yar} | 2 +- ...ywater_muddyc2go_dll_launcher_strings.yar} | 2 +- ...water_powershell_reverse_secure_proxy.yar} | 2 +- ...=> apt_muddywater_powgoop_decode_loop.yar} | 2 +- ...yar => apt_muddywater_powgoop_decoded.yar} | 2 +- ....yar => apt_muddywater_powgoop_loader.yar} | 2 +- ....yar => apt_muddywater_rotrot_strings.yar} | 2 +- ...age.yar => apt_mustang_panda_nupakage.yar} | 2 +- ...eins.yar => apt_mustang_panda_toneins.yar} | 2 +- ...ll.yar => apt_mustang_panda_toneshell.yar} | 2 +- ...nt.yar => apt_mustangpanda_coolclient.yar} | 2 +- ...r => apt_mustangpanda_decrypt_payload.yar} | 2 +- ...er.yar => apt_mustangpanda_downloader.yar} | 2 +- ...> apt_mustangpanda_malicious_lnk_worm.yar} | 2 +- ...da_maliciousdll_loading_plugx_strings.yar} | 2 +- ... => apt_mustangpanda_mqsttang_qmagent.yar} | 2 +- ...yload.yar => apt_mustangpanda_payload.yar} | 2 +- ...note.yar => apt_mustangpanda_tinynote.yar} | 2 +- ...drop.yar => apt_mustangpanda_tonedrop.yar} | 2 +- ... 
apt_mustangpanda_windows_remoteshell.yar} | 2 +- ...windows_shellcode_decryptionalgorithm.yar} | 2 +- ...ddll.yar => apt_mustangpanda_xoreddll.yar} | 2 +- ...akage.yar => apt_mustangpanda_zpakage.yar} | 2 +- ...t_nobelium_acrobox_downloader_apr2022.yar} | 2 +- ...en.yar => apt_nobelium_nativezone_gen.yar} | 2 +- ...ings.yar => apt_oilrig_clipog_strings.yar} | 2 +- ... apt_oilrig_maliciousdocument_may2022.yar} | 2 +- ...ngs.yar => apt_oilrig_odagent_strings.yar} | 2 +- ....yar => apt_oilrig_oilbooster_strings.yar} | 2 +- ...hange.yar => apt_oilrig_powerexchange.yar} | 2 +- ...> apt_oilrig_saitama_backdoor_may2022.yar} | 2 +- ...apt_oilrig_saitama_backdoor_may2022_2.yar} | 2 +- ...ings.yar => apt_oilrig_sc5kv3_strings.yar} | 2 +- ...g_webshell.yar => apt_oilrig_webshell.yar} | 2 +- ...yar => apt_polonium_deepcreep_strings.yar} | 2 +- ...yar => apt_polonium_megacreep_strings.yar} | 2 +- ...lonium_powershell_creepydrive_strings.yar} | 2 +- ...r => apt_polonium_technocreep_strings.yar} | 2 +- ...22.yar => apt_qnapworm_loader_may2022.yar} | 2 +- ...io_apt_queueseed.yar => apt_queueseed.yar} | 2 +- ...ar => apt_reaper_2fa_phishing_webpage.yar} | 2 +- ...s_lnk.yar => apt_reaper_malicious_lnk.yar} | 2 +- ... => apt_redhotel_maliciouslnk_strings.yar} | 2 +- ..._stealer.yar => apt_rusticweb_stealer.yar} | 2 +- ...ndworm_awfulshred_obfuscation_apr2022.yar} | 2 +- ...t_sandworm_caddywiper_stacked_strings.yar} | 2 +- ....yar => apt_sandworm_notpetya_strings.yar} | 2 +- ....yar => apt_sandworm_olympicdestroyer.yar} | 2 +- ....yar => apt_sandworm_orcshred_apr2022.yar} | 2 +- ....yar => apt_sandworm_powergap_apr2022.yar} | 2 +- ... 
apt_scanbox_framework_not_obfuscated.yar} | 2 +- ...ar => apt_scanbox_obfuscated_versions.yar} | 2 +- ...> apt_shadowpad_first_called_function.yar} | 2 +- ...apt_sidecopy_actionrat_packer_strings.yar} | 2 +- ...ecopy_cheex.yar => apt_sidecopy_cheex.yar} | 2 +- ...o.yar => apt_sidecopy_malicious_macro.yar} | 2 +- ...ar => apt_sidecopy_reverserat_strings.yar} | 2 +- ...=> apt_sofacy_graphitemalware_generic.yar} | 2 +- ...a.yar => apt_spikedwine_malicious_hta.yar} | 2 +- ...ader.yar => apt_spikedwine_wineloader.yar} | 2 +- ...ar => apt_spynote_android_dex_strings.yar} | 2 +- ..._apt_stripedfly.yar => apt_stripedfly.yar} | 2 +- ...pt_sugardump_credentials_stealer_http.yar} | 2 +- ...pt_sugardump_credentials_stealer_smtp.yar} | 2 +- ... apt_sugargh0stcampaign_malicious_lnk.yar} | 2 +- ...yar => apt_susp_apt28_uac0063_hatvibe.yar} | 2 +- ... => apt_susp_apt28_uac0063_hta_loader.yar} | 2 +- ... apt_susp_apt28_uac0063_malicious_doc.yar} | 2 +- ...28_uac0063_malicious_doc_settings_xml.yar} | 2 +- ..._susp_apt28_uac0063_malicious_doc_vba.yar} | 2 +- ...> apt_susp_lazarus_dangerous_password.yar} | 2 +- ... 
apt_suspected_sandworm_sdelete_wiper.yar} | 2 +- ...ger.yar => apt_ta410_driver_keylogger.yar} | 2 +- ...der.yar => apt_ta410_flowcloud_loader.yar} | 2 +- ..._rtti.yar => apt_ta410_flowcloud_rtti.yar} | 2 +- ...ings.yar => apt_ta428_tmanger_strings.yar} | 2 +- ...kurma_snappytcp_reverse_shell_strings.yar} | 2 +- ...ar => apt_tealkurma_snappytcp_strings.yar} | 2 +- ....yar => apt_toddycat_toddybox_strings.yar} | 2 +- ...yar => apt_toddycat_tomberbil_strings.yar} | 2 +- ...ngs.yar => apt_toddycat_waexp_strings.yar} | 2 +- ...ll_loader.yar => apt_toneshell_loader.yar} | 2 +- ...llcode.yar => apt_toneshell_shellcode.yar} | 2 +- ...r.yar => apt_tortoiseshell_imaploader.yar} | 2 +- ...apt_tortoiseshell_wateringhole_script.yar} | 2 +- ...urla_comlook.yar => apt_turla_comlook.yar} | 2 +- ....yar => apt_turla_kazuar_variant_2023.yar} | 2 +- ..._lonepage.yar => apt_uac0099_lonepage.yar} | 2 +- ... apt_uac0154_malicious_html_smuggling.yar} | 2 +- ..._uac0154_powershell_infection_chain_1.yar} | 2 +- ..._uac0154_powershell_infection_chain_2.yar} | 2 +- ....yar => apt_unc3524_quietexit_strings.yar} | 2 +- ...pyc.yar => apt_unc4990_emptyspace_pyc.yar} | 2 +- ...r_ps1.yar => apt_unc4990_explorer_ps1.yar} | 2 +- ... apt_unc4990_explorer_ps1_reverse_b64.yar} | 2 +- ...ings.yar => apt_unk_batcopier_strings.yar} | 2 +- ...pt_unk_dex_china_freedom_trap_spyware.yar} | 2 +- ...pt_unk_hrserv_memory_commands_strings.yar} | 2 +- ...ar => apt_unk_hrserv_webshell_strings.yar} | 2 +- ...ious_lnk.yar => apt_unk_malicious_lnk.yar} | 2 +- ...apt_unknown_sessionmanageriis_strings.yar} | 2 +- ..._uta0178_javascript_inclusion_strings.yar} | 2 +- ... 
apt_uta0218_upstyle_backdoor_strings.yar} | 2 +- ...fender.yar => apt_win_disabledefender.yar} | 2 +- ...ap.yar => apt_windows_wip19_screencap.yar} | 2 +- ...uardzoo.yar => apt_yemen_apk_guardzoo.yar} | 2 +- ...r_blueshell.yar => backdoor_blueshell.yar} | 2 +- ...n_bifrost.yar => backdoor_lin_bifrost.yar} | 2 +- ...n_bpfdoor.yar => backdoor_lin_bpfdoor.yar} | 2 +- ...supdate.yar => backdoor_lin_sysupdate.yar} | 2 +- ...sparkrat.yar => backdoor_mul_sparkrat.yar} | 2 +- ...yar => backdoor_mul_supershell_client.yar} | 2 +- ...backdoor_opensource_northstar_strings.yar} | 2 +- ...ackdoor_oyster.yar => backdoor_oyster.yar} | 2 +- ...backdoor_powershellempire_batlauchers.yar} | 2 +- ...r => backdoor_powershellempire_csharp.yar} | 2 +- ....yar => backdoor_powershellempire_gen.yar} | 2 +- ...r => backdoor_powershellempire_python.yar} | 2 +- ...=> backdoor_powershellempire_sharpire.yar} | 2 +- ...rings.yar => backdoor_sandman_strings.yar} | 2 +- ...dardoor.yar => backdoor_win_andardoor.yar} | 2 +- ...blackrat.yar => backdoor_win_blackrat.yar} | 2 +- ...feedload.yar => backdoor_win_feedload.yar} | 2 +- ...tiger.yar => backdoor_win_foresttiger.yar} | 2 +- ...adertip.yar => backdoor_win_headertip.yar} | 2 +- ...n_ketrum2.yar => backdoor_win_ketrum2.yar} | 2 +- ...n_kimsuky.yar => backdoor_win_kimsuky.yar} | 2 +- ...t_main.yar => backdoor_win_mgbot_main.yar} | 2 +- ...minibike.yar => backdoor_win_minibike.yar} | 2 +- ...n_minibus.yar => backdoor_win_minibus.yar} | 2 +- ...yar => backdoor_win_nukesped_andariel.yar} | 2 +- ...win_rokrat.yar => backdoor_win_rokrat.yar} | 2 +- ...llsling.yar => backdoor_win_rollsling.yar} | 2 +- ...r_win_sidewinder_cobaltstrike_2022_09.yar} | 2 +- ...ecolon.yar => backdoor_win_spacecolon.yar} | 2 +- ...n_sponsor.yar => backdoor_win_sponsor.yar} | 2 +- ...n_volgmer.yar => backdoor_win_volgmer.yar} | 2 +- ...n_warhawk.yar => backdoor_win_warhawk.yar} | 2 +- ...rdll64.yar => backdoor_win_winordll64.yar} | 2 +- ...ngs.yar => 
backdoor_xploitspy_strings.yar} | 2 +- ..._win_gobear.yar => backoor_win_gobear.yar} | 2 +- ...la_ng.yar => backoor_win_tinyturla_ng.yar} | 2 +- ...ril22.yar => bot_lin_enemybot_april22.yar} | 2 +- ...trings.yar => bot_lin_kinsing_strings.yar} | 2 +- ...trings.yar => bot_lin_lucifer_strings.yar} | 2 +- ...trings.yar => bot_lin_xorddos_strings.yar} | 2 +- ...ot_dec22.yar => bot_lin_zerobot_dec22.yar} | 2 +- ...ot_win_yamabot.yar => bot_win_yamabot.yar} | 2 +- ...lin_tsunami.yar => botnet_lin_tsunami.yar} | 2 +- ..._rtf.yar => builder_win_royalroad_rtf.yar} | 2 +- ...blebee_loader.yar => bumblebee_loader.yar} | 2 +- ...io_bumblebee_vhd.yar => bumblebee_vhd.yar} | 2 +- ...ings.yar => clipper_win_atlas_strings.yar} | 2 +- ...lippy.yar => clipper_win_cryptoclippy.yar} | 2 +- ...lwiper_strings.yar => clwiper_strings.yar} | 2 +- ... => crime_sload_mainpowershellimplant.yar} | 2 +- ..._powershellarchiveexfiltrator_strings.yar} | 2 +- ...e_sload_scheduledtask_dropper_strings.yar} | 2 +- ... crime_sload_vbs_downloader_strings_1.yar} | 2 +- ... 
crime_sload_vbs_downloader_strings_2.yar} | 2 +- ...yar => crime_sload_vbs_wsf_downloader.yar} | 2 +- ...hives.yar => crime_sload_zip_archives.yar} | 2 +- ...trings.yar => crimeware_njrat_strings.yar} | 2 +- ...ar => crybercrime_prophetspider_proxy.yar} | 2 +- ..._vbs_to_exe.yar => crypter_vbs_to_exe.yar} | 2 +- ...otrunpex.yar => crypter_win_dotrunpex.yar} | 2 +- ...ncodedurl.yar => darkriver_encodedurl.yar} | 2 +- ...ad.yar => dotnet_injector_new_payload.yar} | 2 +- ...uky_lnk.yar => downloader_kimsuky_lnk.yar} | 2 +- ...cket.yar => downloader_mac_rustbucket.yar} | 2 +- ...downloader_mac_rustbucket_swiftloader.yar} | 2 +- ...yar => downloader_mac_smooth_operator.yar} | 2 +- ...der.yar => downloader_win_andarloader.yar} | 2 +- ...r.yar => downloader_win_apt33_tickler.yar} | 2 +- ...anrat.yar => downloader_win_cobianrat.yar} | 2 +- ...gent.yar => downloader_win_curl_agent.yar} | 2 +- ...win_donot.yar => downloader_win_donot.yar} | 2 +- ...ar => downloader_win_fake_tor_browser.yar} | 2 +- ...al.yar => downloader_win_newsterminal.yar} | 2 +- ...n_search.yar => downloader_win_search.yar} | 2 +- ...yar => dropper_mac_lazarus_manuscrypt.yar} | 2 +- ...onni_cab.yar => dropper_win_konni_cab.yar} | 2 +- ...in_ninerat.yar => dropper_win_ninerat.yar} | 2 +- ...per.yar => dropper_win_romcom_dropper.yar} | 2 +- ...in_selfau3.yar => dropper_win_selfau3.yar} | 2 +- ..._exe.yar => emmenhtal_strings_hta_exe.yar} | 2 +- ...d_fmtstr.yar => evilnumpayload_fmtstr.yar} | 2 +- ...gs.yar => exploit_cve20191458_strings.yar} | 2 +- ...ings.yar => exploit_ez_pwnkit_strings.yar} | 2 +- ...exploit_linux_eop_cve20177308_strings.yar} | 2 +- ...inux_eop_cve202121974_exploit_strings.yar} | 2 +- ...=> exploit_linux_eop_dirtyc0w_strings.yar} | 2 +- ...> exploit_linux_eop_dirtypipe_strings.yar} | 2 +- ...ploit_linux_eop_polkit_pkexec_strings.yar} | 2 +- ...r => exploit_linux_eop_pwnkit_strings.yar} | 2 +- ...xploit_linux_eop_rationallove_strings.yar} | 2 +- 
...buntu_overlayfs_local_privesc_strings.yar} | 2 +- ... exploit_win_cloudatlas_cve_2018_0798.yar} | 2 +- ...ger.yar => gen_empire_onedrive_stager.yar} | 2 +- ...generic_bat_script_mock_http_services.yar} | 2 +- ...ell.yar => generic_perl_reverse_shell.yar} | 2 +- ..._webshell.yar => generic_php_webshell.yar} | 2 +- ...l.yar => generic_python_reverse_shell.yar} | 2 +- ...yar => generic_sharpshooter_payload_1.yar} | 2 +- ...ar => generic_sharpshooter_payload_10.yar} | 2 +- ...ar => generic_sharpshooter_payload_11.yar} | 2 +- ...ar => generic_sharpshooter_payload_12.yar} | 2 +- ...ar => generic_sharpshooter_payload_13.yar} | 2 +- ...yar => generic_sharpshooter_payload_2.yar} | 2 +- ...yar => generic_sharpshooter_payload_3.yar} | 2 +- ...yar => generic_sharpshooter_payload_4.yar} | 2 +- ...yar => generic_sharpshooter_payload_5.yar} | 2 +- ...yar => generic_sharpshooter_payload_6.yar} | 2 +- ...yar => generic_sharpshooter_payload_7.yar} | 2 +- ...yar => generic_sharpshooter_payload_8.yar} | 2 +- ...yar => generic_sharpshooter_payload_9.yar} | 2 +- ...or_hidden_service_leading_to_winports.yar} | 2 +- ...emongroup.yar => guerrilla_lemongroup.yar} | 2 +- ...der_lnk_file.yar => guloader_lnk_file.yar} | 2 +- ...rshell_1.yar => guloader_powershell_1.yar} | 2 +- ...der_unpacker.yar => guloader_unpacker.yar} | 2 +- ...oded.yar => guloader_unpacker_decoded.yar} | 2 +- ...der_vbscript.yar => guloader_vbscript.yar} | 2 +- ...alkatz.yar => hacktool_credentialkatz.yar} | 2 +- ...r => hacktool_defendercontrol_strings.yar} | 2 +- ...rings.yar => hacktool_dnscat2_strings.yar} | 2 +- ...yar => hacktool_duplicatedump_strings.yar} | 2 +- ...ngs.yar => hacktool_earthworm_strings.yar} | 2 +- ...strings.yar => hacktool_fscan_strings.yar} | 2 +- ...rings.yar => hacktool_gtunnel_strings.yar} | 2 +- ... 
=> hacktool_impacket_compiled_binary.yar} | 2 +- ...nneling.yar => hacktool_iox_tunneling.yar} | 2 +- ...ngs.yar => hacktool_ipmipwner_strings.yar} | 2 +- ...rings.yar => hacktool_lazagne_strings.yar} | 2 +- ....yar => hacktool_ligolo_relay_strings.yar} | 2 +- ...trings.yar => hacktool_ligolo_strings.yar} | 2 +- ...gs.yar => hacktool_microsocks_strings.yar} | 2 +- ...s.yar => hacktool_mimikat_ssp_strings.yar} | 2 +- ...d.yar => hacktool_mimikatz_obfuscated.yar} | 2 +- ...ool_mimilite.yar => hacktool_mimilite.yar} | 2 +- ...rings.yar => hacktool_nbtscan_strings.yar} | 2 +- ...gs.yar => hacktool_ntdsdumpex_strings.yar} | 2 +- ...trings.yar => hacktool_ntospy_strings.yar} | 2 +- ...ings.yar => hacktool_pplblade_strings.yar} | 2 +- ...trings.yar => hacktool_rubeus_strings.yar} | 2 +- ...ngs.yar => hacktool_sharpview_strings.yar} | 2 +- ...strings.yar => hacktool_socat_strings.yar} | 2 +- ...ings.yar => hacktool_stowaway_strings.yar} | 2 +- ...iekatz.yar => hacktool_win_cookiekatz.yar} | 2 +- ...ool_win_gmer.yar => hacktool_win_gmer.yar} | 2 +- ...wertool.yar => hacktool_win_powertool.yar} | 2 +- ...ker.yar => hacktool_win_processhacker.yar} | 2 +- ...yar => hacktool_win_uknowseckeylogger.yar} | 2 +- ...alware.yar => hafnium_tarrask_malware.yar} | 2 +- ...ction.yar => icebot_exported_function.yar} | 2 +- ..._icedid_chm_ttp.yar => icedid_chm_ttp.yar} | 2 +- ..._any_sliver.yar => implant_any_sliver.yar} | 2 +- ...ar => implant_any_sliver_not_stripped.yar} | 2 +- ..._lin_geacon.yar => implant_lin_geacon.yar} | 2 +- ...ightning.yar => implant_lin_lightning.yar} | 2 +- ...tbucket.yar => implant_mac_rustbucket.yar} | 2 +- ...plant_mac_smoothoperator_update_agent.yar} | 2 +- ...os_geacon.yar => implant_macos_geacon.yar} | 2 +- ...lchimist.yar => implant_mul_alchimist.yar} | 2 +- ...2_10.yar => implant_win_apt29_2022_10.yar} | 2 +- ...in_flagpro.yar => implant_win_flagpro.yar} | 2 +- ..._win_geacon.yar => implant_win_geacon.yar} | 2 +- ...r => 
implant_win_graphiron_downloader.yar} | 2 +- ... => implant_win_havoc_default_strings.yar} | 2 +- ...oller.yar => implant_win_incontroller.yar} | 2 +- ....yar => implant_win_knotweed_jumplump.yar} | 2 +- ..._win_lyceum.yar => implant_win_lyceum.yar} | 2 +- ..._magicrat.yar => implant_win_magicrat.yar} | 2 +- ...snail.yar => implant_win_mysterysnail.yar} | 2 +- ..._pingpull.yar => implant_win_pingpull.yar} | 2 +- ...ar => implant_win_quantum_builder_lnk.yar} | 2 +- ...uasarrat.yar => implant_win_quasarrat.yar} | 2 +- ...ver_dll.yar => implant_win_sliver_dll.yar} | 2 +- ..._loader.yar => in2al5d_p3in4er_loader.yar} | 2 +- ..._realst.yar => infostealer_mac_realst.yar} | 2 +- ...iber.yar => infostealer_win_44caliber.yar} | 2 +- ...ar => infostealer_win_acridrain_mar23.yar} | 2 +- ...yar => infostealer_win_acrstealer_str.yar} | 2 +- ...in_agrat.yar => infostealer_win_agrat.yar} | 2 +- ..._aurora.yar => infostealer_win_aurora.yar} | 2 +- ...str.yar => infostealer_win_aurora_str.yar} | 2 +- ....yar => infostealer_win_banditstealer.yar} | 2 +- ...in_bebra.yar => infostealer_win_bebra.yar} | 2 +- ...ckcap.yar => infostealer_win_blackcap.yar} | 2 +- ...r => infostealer_win_blackguard_mar23.yar} | 2 +- ...ler.yar => infostealer_win_blustealer.yar} | 2 +- ...yar => infostealer_win_cinoshistealer.yar} | 2 +- ...str.yar => infostealer_win_daolpu_str.yar} | 2 +- ....yar => infostealer_win_doenerium_str.yar} | 2 +- ...klogs.yar => infostealer_win_ducklogs.yar} | 2 +- ...uard.yar => infostealer_win_edgeguard.yar} | 2 +- ...infostealer_win_enigma_initial_loader.yar} | 2 +- ... 
infostealer_win_enigma_loader_module.yar} | 2 +- ...infostealer_win_enigma_stealer_module.yar} | 2 +- ...rnity.yar => infostealer_win_eternity.yar} | 2 +- ...s.yar => infostealer_win_fwit_strings.yar} | 2 +- ...r => infostealer_win_ginzostealer_str.yar} | 2 +- ...orrah.yar => infostealer_win_gomorrah.yar} | 2 +- ....yar => infostealer_win_grmsk_strings.yar} | 2 +- ...ostealer_win_irontiger_chrome_stealer.yar} | 2 +- ..._win_leaf.yar => infostealer_win_leaf.yar} | 2 +- ...hting.yar => infostealer_win_lighting.yar} | 2 +- ...> infostealer_win_lumma_strings_aug23.yar} | 2 +- ... infostealer_win_lumma_strings_sept23.yar} | 2 +- ...r.yar => infostealer_win_mars_stealer.yar} | 2 +- ...aler_win_mars_stealer_variant_llcppc1.yar} | 2 +- ...ostealer_win_mars_stealer_xor_routine.yar} | 2 +- ....yar => infostealer_win_meduzastealer.yar} | 2 +- ...> infostealer_win_metastealer_strings.yar} | 2 +- ...b.yar => infostealer_win_monster_stub.yar} | 2 +- ...er.yar => infostealer_win_nekostealer.yar} | 2 +- ... 
=> infostealer_win_nemesis_in_memory.yar} | 2 +- ..._win_nosu.yar => infostealer_win_nosu.yar} | 2 +- ...ar => infostealer_win_pennywise_mar23.yar} | 2 +- ...hoenix.yar => infostealer_win_phoenix.yar} | 2 +- ...ve.yar => infostealer_win_phoenixwave.yar} | 2 +- ...tealer_win_raccoon_str_takemypainback.yar} | 2 +- ...ar => infostealer_win_redline_strings.yar} | 2 +- ...ar => infostealer_win_solarmarker_dll.yar} | 2 +- ...nfostealer_win_solarmarker_powershell.yar} | 2 +- ...r.yar => infostealer_win_spacestealer.yar} | 2 +- ..._stealc.yar => infostealer_win_stealc.yar} | 2 +- ...r => infostealer_win_stealc_str_oct24.yar} | 2 +- ...ium.yar => infostealer_win_stealerium.yar} | 2 +- ...tty.yar => infostealer_win_stormkitty.yar} | 2 +- ...infostealer_win_stormkitty_exfil_urls.yar} | 2 +- ...in_titan.yar => infostealer_win_titan.yar} | 2 +- ...ar => infostealer_win_vidar_str_jul22.yar} | 2 +- ...> infostealer_win_vidar_strings_nov23.yar} | 2 +- ...ulturi.yar => infostealer_win_vulturi.yar} | 2 +- ...fostealer_win_whitesnake_loader_feb23.yar} | 2 +- ...ostealer_win_whitesnake_stealer_feb23.yar} | 2 +- ...stealer_win_whitesnake_xor_rc4_july12.yar} | 2 +- ...str.yar => infostealer_win_xehook_str.yar} | 2 +- ...> infostealer_win_xenostealer_strings.yar} | 2 +- ..._xfiles.yar => infostealer_win_xfiles.yar} | 2 +- ..._minibus.yar => installer_win_minibus.yar} | 2 +- ..._win_donot.yar => keylogger_win_donot.yar} | 2 +- ...ngs.yar => killfloor_avkiller_strings.yar} | 2 +- ...ky_konni_dll.yar => kimsuky_konni_dll.yar} | 2 +- ...io_koi_koiloader.yar => koi_koiloader.yar} | 2 +- ..._koi_netstealer.yar => koi_netstealer.yar} | 2 +- ... 
koi_powershell_loading_obfuscatednet.yar} | 2 +- ...io_koiloader_lnk.yar => koiloader_lnk.yar} | 2 +- ...iloader_powershell_reflective_loading.yar} | 2 +- ...per.yar => latrodectus_br4_js_dropper.yar} | 2 +- ...us_exports.yar => latrodectus_exports.yar} | 2 +- ...bluehaze.yar => launcher_win_bluehaze.yar} | 2 +- ...stcloak.yar => launcher_win_mistcloak.yar} | 2 +- ...r.yar => launcher_win_romcom_launcher.yar} | 2 +- ...uncher_win_stealthmutant_bat_launcher.yar} | 2 +- ...iaio_lnk_astaroth.yar => lnk_astaroth.yar} | 2 +- ...n.yar => loader_amadey_clipper_plugin.yar} | 2 +- ...yar => loader_amadey_standalone_may23.yar} | 2 +- ...n.yar => loader_amadey_stealer_plugin.yar} | 2 +- ...ader_fakebat_initial_powershell_may24.yar} | 2 +- ..._fakebat_powershell_fingerprint_may24.yar} | 2 +- ...tus_dll.yar => loader_latrodectus_dll.yar} | 2 +- ...abcloader.yar => loader_win_abcloader.yar} | 2 +- ...esloader.yar => loader_win_aresloader.yar} | 2 +- ...s.yar => loader_win_batloader_scripts.yar} | 2 +- ...bumblebee.yar => loader_win_bumblebee.yar} | 2 +- ...n_dodgebox.yar => loader_win_dodgebox.yar} | 2 +- ...dridex.yar => loader_win_doppeldridex.yar} | 2 +- ...r_win_erbium.yar => loader_win_erbium.yar} | 2 +- ...fudloader.yar => loader_win_fudloader.yar} | 2 +- ...n_gcleaner.yar => loader_win_gcleaner.yar} | 2 +- ...ellcode.yar => loader_win_goshellcode.yar} | 2 +- ...win_jennlog.yar => loader_win_jennlog.yar} | 2 +- ....yar => loader_win_jinxloader_strings.yar} | 2 +- ...konni_bat.yar => loader_win_konni_bat.yar} | 2 +- ...wpnprv.yar => loader_win_konni_wpnprv.yar} | 2 +- ...win_ninerat.yar => loader_win_ninerat.yar} | 2 +- ... 
=> loader_win_operationmagalenha_vbs.yar} | 2 +- ...ader.yar => loader_win_piccassoloader.yar} | 2 +- ...crypter.yar => loader_win_purecrypter.yar} | 2 +- ...> loader_win_red0044_powershell_may24.yar} | 2 +- ...loader.yar => loader_win_revil_loader.yar} | 2 +- ...ffle.yar => loader_win_squirrelwaffle.yar} | 2 +- ....yar => loader_win_squirrelwaffle_doc.yar} | 2 +- ...ector.yar => loader_win_stealthvector.yar} | 2 +- ...ts.yar => loader_win_svcready_imports.yar} | 2 +- ...er.yar => luckymouse_sysupdate_loader.yar} | 2 +- ...d.yar => luckymouse_sysupdate_payload.yar} | 2 +- ...s_lnk_exploiting_webdav_share_generic.yar} | 2 +- ...ings.yar => malware_httpshell_strings.yar} | 2 +- ...strings.yar => malware_remcom_strings.yar} | 2 +- ...ngs.yar => malware_sugargh0st_strings.yar} | 2 +- ...ware_swordldr.yar => malware_swordldr.yar} | 2 +- ...ings.yar => malware_tinyshell_strings.yar} | 2 +- ...=> malware_valleyrat_1ststage_strings.yar} | 2 +- ... malware_valleyrat_downloader_strings.yar} | 2 +- ...r => malware_valleyrat_strings_config.yar} | 2 +- ...gs.yar => malware_venom_admin_strings.yar} | 2 +- ...gs.yar => malware_venom_agent_strings.yar} | 2 +- ...ware_win_lyceum_maldoc_macro_20220613.yar} | 2 +- ...alware_win_mex.yar => malware_win_mex.yar} | 2 +- ...in_passlib.yar => malware_win_passlib.yar} | 2 +- ...saka_samples.yar => manjusaka_samples.yar} | 2 +- ...splatform.yar => merlin_crossplatform.yar} | 2 +- ...lin_linux_elf.yar => merlin_linux_elf.yar} | 2 +- ..._merlin_win_dll.yar => merlin_win_dll.yar} | 2 +- ..._merlin_win_exe.yar => merlin_win_exe.yar} | 2 +- ...trings.yar => miner_lin_xmrig_strings.yar} | 2 +- ...trings.yar => miner_win_xmrig_strings.yar} | 2 +- .../{sekoiaio_nomercy.yar => nomercy.yar} | 2 +- ...bserverstealer.yar => observerstealer.yar} | 2 +- ...gs.yar => pe_princeransomware_strings.yar} | 2 +- ...ar => pe_stealer_axilestealer_strings.yar} | 2 +- ... 
=> pe_stealer_scarletstealer_strings.yar} | 2 +- ...ngs.yar => platypus_winlinmac_strings.yar} | 2 +- ...al_payload.yar => plugx_final_payload.yar} | 2 +- ...iaio_radx_stealer.yar => radx_stealer.yar} | 2 +- ...=> ransomware_lin_avoslocker_sections.yar} | 2 +- ... => ransomware_lin_avoslocker_strings.yar} | 2 +- ....yar => ransomware_linux_icefire_2023.yar} | 2 +- ...mware_mallox.yar => ransomware_mallox.yar} | 2 +- ...n_agenda.yar => ransomware_win_agenda.yar} | 2 +- ...cker.yar => ransomware_win_avoslocker.yar} | 2 +- ...ackcat.yar => ransomware_win_blackcat.yar} | 2 +- ...ter.yar => ransomware_win_blackmatter.yar} | 2 +- ...win_chaos.yar => ransomware_win_chaos.yar} | 2 +- ..._2023.yar => ransomware_win_dodo_2023.yar} | 2 +- ...r => ransomware_win_eking_rich_header.yar} | 2 +- ...win_fonix.yar => ransomware_win_fonix.yar} | 2 +- ....yar => ransomware_win_honkai_jan2023.yar} | 2 +- ...win_karma.yar => ransomware_win_karma.yar} | 2 +- ...n_lorenz.yar => ransomware_win_lorenz.yar} | 2 +- ....yar => ransomware_win_masons_jan2023.yar} | 2 +- ...raworld.yar => ransomware_win_raworld.yar} | 2 +- ...deemer.yar => ransomware_win_redeemer.yar} | 2 +- ...ransom.yar => ransomware_win_scransom.yar} | 2 +- ...er.yar => ransomware_win_shrinklocker.yar} | 2 +- ...crypt.yar => ransomware_win_voidcrypt.yar} | 2 +- ...e_win_wing.yar => ransomware_win_wing.yar} | 2 +- ...n_string.yar => rat_darkvision_string.yar} | 2 +- ...obrat_2023.yar => rat_lin_gobrat_2023.yar} | 2 +- ...in_arrow_str.yar => rat_win_arrow_str.yar} | 2 +- ...io_rat_win_asbit.yar => rat_win_asbit.yar} | 2 +- ..._win_asyncrat.yar => rat_win_asyncrat.yar} | 2 +- ..._win_atharvan.yar => rat_win_atharvan.yar} | 2 +- ...at_win_babylon.yar => rat_win_babylon.yar} | 2 +- ...io_rat_win_borat.yar => rat_win_borat.yar} | 2 +- ...nchun.yar => rat_win_dcrat_qwqdanchun.yar} | 2 +- ...at_win_hiddenz.yar => rat_win_hiddenz.yar} | 2 +- ...in_konni_rat.yar => rat_win_konni_rat.yar} | 2 +- ..._rat_win_lilith.yar => 
rat_win_lilith.yar} | 2 +- ...in_millenium.yar => rat_win_millenium.yar} | 2 +- ...in_nighthawk.yar => rat_win_nighthawk.yar} | 2 +- ...at_win_ninerat.yar => rat_win_ninerat.yar} | 2 +- ..._strings.yar => rat_win_ratel_strings.yar} | 2 +- ..._rat_win_remcos.yar => rat_win_remcos.yar} | 2 +- ..._reverserat.yar => rat_win_reverserat.yar} | 2 +- ...payload.yar => rat_win_romcom_payload.yar} | 2 +- ...in_tutclient.yar => rat_win_tutclient.yar} | 2 +- ..._win_xeno_rat.yar => rat_win_xeno_rat.yar} | 2 +- ..._win_xworm_v2.yar => rat_win_xworm_v2.yar} | 2 +- ..._win_xworm_v3.yar => rat_win_xworm_v3.yar} | 2 +- ...trings.yar => recotool_adfind_strings.yar} | 2 +- ...troy.yar => reverseshell_win_1st_troy.yar} | 2 +- ...gs.yar => rootkit_diamorphine_strings.yar} | 2 +- ..._lin_winnti.yar => rootkit_lin_winnti.yar} | 2 +- ....yar => rootkit_win_purplefox_360_tct.yar} | 2 +- ...> rootkit_win_purplefox_kernel_driver.yar} | 2 +- ... => rootkit_win_purplefox_svchost_txt.yar} | 2 +- ...zarus_generic_downloader_7c3f94702fa7.yar} | 2 +- ...sekoiaio_infostealer_win_zharkbot_dump.yar | 23 -------------- .../sekoiaio_loader_win_truebot_dec22.yar | 30 ------------------- ...oiaio_trojan_win_bazarloader_setscreen.yar | 19 ------------ ..._win_danfuan.yar => shell_win_danfuan.yar} | 2 +- ...nd_bahamut.yar => spyware_and_bahamut.yar} | 2 +- ..._fastfire.yar => spyware_and_fastfire.yar} | 2 +- ...pyware_and_strongpity_mobile_backdoor.yar} | 2 +- ...otryspy.yar => stealer_win_demotryspy.yar} | 2 +- ...aler_win_luca.yar => stealer_win_luca.yar} | 2 +- ... 
stealer_win_mgbot_credential_stealer.yar} | 2 +- ..._win_strela.yar => stealer_win_strela.yar} | 2 +- ...files_dat.yar => storm_1811_files_dat.yar} | 2 +- ...ar => storm_1811_screenconnect_update.yar} | 2 +- ...ity_malware.yar => strongpity_malware.yar} | 2 +- ...users_dev.yar => suspicious_users_dev.yar} | 2 +- ...yar => ta410_control_flow_obfuscation.yar} | 2 +- ...x.yar => technique_csv_dde_exec_regex.yar} | 2 +- ...yfluff_nodejs.yar => tinyfluff_nodejs.yar} | 2 +- ...xy_strings.yar => tool_3proxy_strings.yar} | 2 +- ...rings.yar => tool_advancedrun_strings.yar} | 2 +- ...rm.yar => tool_bore_rust_any_platform.yar} | 2 +- ...ssgodzilla.yar => tool_bypassgodzilla.yar} | 2 +- ...cheat_engine.yar => tool_cheat_engine.yar} | 2 +- ...el_strings.yar => tool_chisel_strings.yar} | 2 +- ...strings.yar => tool_dogtunnel_strings.yar} | 2 +- ...gs.yar => tool_dynamicwrapper_strings.yar} | 2 +- ....yar => tool_edrsandblast_api_strings.yar} | 2 +- ....yar => tool_edrsandblast_cli_strings.yar} | 2 +- ... => tool_edrsandblast_kernelcallbacks.yar} | 2 +- ...ings.yar => tool_edrsandblast_strings.yar} | 2 +- ..._tool_efspotato.yar => tool_efspotato.yar} | 2 +- ...sekoiaio_tool_ehole.yar => tool_ehole.yar} | 2 +- ...trings.yar => tool_enum4linux_strings.yar} | 2 +- ...yar => tool_execit_obfuscator_strings.yar} | 2 +- ...yar => tool_exploit_badpotato_strings.yar} | 2 +- ....yar => tool_exploit_comahawk_strings.yar} | 2 +- ... 
=> tool_exploit_rottenpotato_strings.yar} | 2 +- ..._generic_python_reverse_shell_strings.yar} | 2 +- ..._tool_godpotato.yar => tool_godpotato.yar} | 2 +- ...rings.yar => tool_gost_tunnel_strings.yar} | 2 +- ...t_strings.yar => tool_gsocket_strings.yar} | 2 +- ...ran_strings.yar => tool_htran_strings.yar} | 2 +- ...rings.yar => tool_impersonate_strings.yar} | 2 +- ...or_strings.yar => tool_inswor_strings.yar} | 2 +- ...ne_strings.yar => tool_iodine_strings.yar} | 2 +- ...r => tool_juicypotato_exploit_strings.yar} | 2 +- ...ngs.yar => tool_juicypotatong_strings.yar} | 2 +- ...ngs.yar => tool_koblas_server_strings.yar} | 2 +- ...don_strings.yar => tool_ladon_strings.yar} | 2 +- ...trings.yar => tool_lsass_dump_strings.yar} | 2 +- ...sky_strings.yar => tool_masky_strings.yar} | 2 +- ...strings.yar => tool_multidump_strings.yar} | 2 +- ...ing_strings.yar => tool_nping_strings.yar} | 2 +- ...nssm_strings.yar => tool_nssm_strings.yar} | 2 +- ...ec_strings.yar => tool_paexec_strings.yar} | 2 +- ...tool_pchunter_and_related_certificate.yar} | 2 +- ...l_petitpotato.yar => tool_petitpotato.yar} | 2 +- ...ool_pivotnacci.yar => tool_pivotnacci.yar} | 2 +- ...shell.yar => tool_pivotnacci_webshell.yar} | 2 +- ...nicorn.yar => tool_powershell_unicorn.yar} | 2 +- ...ypotato.yar => tool_printnotifypotato.yar} | 2 +- ...quarkspwdump.yar => tool_quarkspwdump.yar} | 2 +- ...e_strings.yar => tool_rathole_strings.yar} | 2 +- ...s.yar => tool_realblindingedr_strings.yar} | 2 +- ...trings.yar => tool_reversessh_strings.yar} | 2 +- ..._strings.yar => tool_revsocks_strings.yar} | 2 +- ...strings.yar => tool_rsockstun_strings.yar} | 2 +- ...us_strings.yar => tool_rubeus_strings.yar} | 2 +- ...ngs.yar => tool_runpeinmemory_strings.yar} | 2 +- ...ool_safetykatz.yar => tool_safetykatz.yar} | 2 +- ..._strings.yar => tool_scanline_strings.yar} | 2 +- ...gs.yar => tool_sharpefspotato_strings.yar} | 2 +- ... => tool_sharphoundexecutable_strings.yar} | 2 +- ... 
=> tool_sharphoundpowershell_strings.yar} | 2 +- ...ings.yar => tool_sharpnbtscan_strings.yar} | 2 +- ...sharpsecdump.yar => tool_sharpsecdump.yar} | 2 +- ...strings.yar => tool_soaphound_strings.yar} | 2 +- ...l_ssf_strings.yar => tool_ssf_strings.yar} | 2 +- .../{sekoiaio_tool_swor.yar => tool_swor.yar} | 2 +- ...io_tool_sy_runas.yar => tool_sy_runas.yar} | 2 +- ...=> tool_tacticalrmm_installer_strings.yar} | 2 +- ...rings.yar => tool_tokenplayer_strings.yar} | 2 +- ...gs.yar => tool_webshell_b374k_strings.yar} | 2 +- ...yar => tool_win_blackfly_proxy_config.yar} | 2 +- ...driverjack.yar => tool_win_driverjack.yar} | 2 +- ...ground.yar => tool_win_forkplayground.yar} | 2 +- ...etsdump.yar => tool_win_gosecretsdump.yar} | 2 +- ...n_lightrail.yar => tool_win_lightrail.yar} | 2 +- ...arpshares.yar => tool_win_sharpshares.yar} | 2 +- ...n_snap2html.yar => tool_win_snap2html.yar} | 2 +- ..._strings.yar => tool_xiebroc2_strings.yar} | 2 +- ...sso_strings.yar => tool_yasso_strings.yar} | 2 +- ...and_keepspy.yar => trojan_and_keepspy.yar} | 2 +- ...oid_brata.yar => trojan_android_brata.yar} | 2 +- ...rberus.yar => trojan_android_cerberus.yar} | 2 +- ...morph.yar => trojan_android_xenomorph.yar} | 2 +- ...23.yar => trojan_win_bbtok_dll1_sep23.yar} | 2 +- ...p23.yar => trojan_win_bbtok_iso_sep23.yar} | 2 +- ...p23.yar => trojan_win_bbtok_lnk_sep23.yar} | 2 +- ...doreiro.yar => trojan_win_grandoreiro.yar} | 2 +- ...r => truesightkiller_avkiller_strings.yar} | 2 +- ..._stealer.yar => typhon_reborn_stealer.yar} | 2 +- ...rings.yar => unk_quad7_fsynet_strings.yar} | 2 +- ...strings.yar => unk_quad7_netd_strings.yar} | 2 +- ...nk_quad7_updtae_reverse_shell_strings.yar} | 2 +- ...777_xlogin.yar => unknown_7777_xlogin.yar} | 2 +- ...n.yar => unknown_quad7_wildcard_login.yar} | 2 +- .../{sekoiaio_ursnif.yar => ursnif.yar} | 2 +- ...koiaio_ursnif_ldr4.yar => ursnif_ldr4.yar} | 2 +- ...ul_softether.yar => vpn_mul_softether.yar} | 2 +- ...igbin_group.yar => water_sigbin_group.yar} | 
2 +- ...ings.yar => webshell_icesword_strings.yar} | 2 +- ....yar => webshell_wso_webshell_strings.yar} | 2 +- ...yload.yar => weevely_webshell_payload.yar} | 2 +- ...er_generic.yar => win_clipper_generic.yar} | 2 +- ...ar => win_infostealer_serpent_strings.yar} | 2 +- ...r => win_loader_astasialoader_strings.yar} | 2 +- ...ler.yar => win_malware_agnianestealer.yar} | 2 +- ....yar => win_malware_janelarat_strings.yar} | 2 +- ...r.yar => win_malware_statc_downloader.yar} | 2 +- ...s.yar => wiper_hermeticwiper_variants.yar} | 2 +- ...addywiper.yar => wiper_win_caddywiper.yar} | 2 +- ...er_win_dnwipe.yar => wiper_win_dnwipe.yar} | 2 +- ...saacwiper.yar => wiper_win_isaacwiper.yar} | 2 +- ...r => wiper_win_nominatus_toxicbattery.yar} | 2 +- ...in_ruransom.yar => wiper_win_ruransom.yar} | 2 +- ...injector.yar => xworm_dotnet_injector.yar} | 2 +- ...iaio_yara_runascs.yar => yara_runascs.yar} | 2 +- ...in_abcloader.yar => zip_win_abcloader.yar} | 2 +- 760 files changed, 773 insertions(+), 828 deletions(-) create mode 100644 LICENSE rename yara_rules/{sekoiaio_apt37_rokrat_macho.yar => apt37_rokrat_macho.yar} (97%) rename yara_rules/{sekoiaio_apt_37_chinotto.yar => apt_37_chinotto.yar} (98%) rename yara_rules/{sekoiaio_apt_3cx_payload_stealer.yar => apt_3cx_payload_stealer.yar} (94%) rename yara_rules/{sekoiaio_apt_agent_racoon_strings.yar => apt_agent_racoon_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_andariel_dorarat_strings.yar => apt_andariel_dorarat_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_andariel_keylogger_strings.yar => apt_andariel_keylogger_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_andariel_nestdoor_variants_strings.yar => apt_andariel_nestdoor_variants_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_andariel_siennablue.yar => apt_andariel_siennablue.yar} (93%) rename yara_rules/{sekoiaio_apt_apt10_hui_loader.yar => apt_apt10_hui_loader.yar} (92%) rename yara_rules/{sekoiaio_apt_apt28_document_phishing_webpage.yar => 
apt_apt28_document_phishing_webpage.yar} (92%) rename yara_rules/{sekoiaio_apt_apt28_htmlsmuggling.yar => apt_apt28_htmlsmuggling.yar} (92%) rename yara_rules/{sekoiaio_apt_apt28_htmlsmuggling_disclosing_ip.yar => apt_apt28_htmlsmuggling_disclosing_ip.yar} (90%) rename yara_rules/{sekoiaio_apt_apt28_powershell_ntlm_stealer.yar => apt_apt28_powershell_ntlm_stealer.yar} (92%) rename yara_rules/{sekoiaio_apt_apt28_susp_graphite_downloader.yar => apt_apt28_susp_graphite_downloader.yar} (92%) rename yara_rules/{sekoiaio_apt_apt28_ukrnet_phishing_page.yar => apt_apt28_ukrnet_phishing_page.yar} (94%) rename yara_rules/{sekoiaio_apt_apt28_wayzgoose_exploit_string.yar => apt_apt28_wayzgoose_exploit_string.yar} (91%) rename yara_rules/{sekoiaio_apt_apt29_malicious_rdp_file.yar => apt_apt29_malicious_rdp_file.yar} (94%) rename yara_rules/{sekoiaio_apt_apt29_quarterrig.yar => apt_apt29_quarterrig.yar} (93%) rename yara_rules/{sekoiaio_apt_apt29_wineloader_malicious_hta.yar => apt_apt29_wineloader_malicious_hta.yar} (90%) rename yara_rules/{sekoiaio_apt_apt29_wineloader_malicious_pdf.yar => apt_apt29_wineloader_malicious_pdf.yar} (93%) rename yara_rules/{sekoiaio_apt_apt31_pakdoor.yar => apt_apt31_pakdoor.yar} (95%) rename yara_rules/{sekoiaio_apt_apt31_rekoobe.yar => apt_apt31_rekoobe.yar} (93%) rename yara_rules/{sekoiaio_apt_apt33_falsefont.yar => apt_apt33_falsefont.yar} (97%) rename yara_rules/{sekoiaio_apt_apt33_tickler.yar => apt_apt33_tickler.yar} (94%) rename yara_rules/{sekoiaio_apt_apt35_iisraid_strings.yar => apt_apt35_iisraid_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_apt37_chinotto_powershell_variant.yar => apt_apt37_chinotto_powershell_variant.yar} (92%) rename yara_rules/{sekoiaio_apt_apt37_malicious_hta_file.yar => apt_apt37_malicious_hta_file.yar} (92%) rename yara_rules/{sekoiaio_apt_apt41_javascript_dropper.yar => apt_apt41_javascript_dropper.yar} (92%) rename yara_rules/{sekoiaio_apt_apt41_keyplug_dropper.yar => apt_apt41_keyplug_dropper.yar} (92%) 
rename yara_rules/{sekoiaio_apt_apt41_powershell_collection_script.yar => apt_apt41_powershell_collection_script.yar} (91%) rename yara_rules/{sekoiaio_apt_apt41_powershell_exfiltration_script.yar => apt_apt41_powershell_exfiltration_script.yar} (90%) rename yara_rules/{sekoiaio_apt_apt_k_47_orpcbackdoor.yar => apt_apt_k_47_orpcbackdoor.yar} (93%) rename yara_rules/{sekoiaio_apt_apt_k_47_walkershell.yar => apt_apt_k_47_walkershell.yar} (93%) rename yara_rules/{sekoiaio_apt_aptc36_vbs_maldoc.yar => apt_aptc36_vbs_maldoc.yar} (94%) rename yara_rules/{sekoiaio_apt_aptc60_downloader_strings.yar => apt_aptc60_downloader_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_aptk47_asyncshell.yar => apt_aptk47_asyncshell.yar} (95%) rename yara_rules/{sekoiaio_apt_aptk47_maliciouslnk.yar => apt_aptk47_maliciouslnk.yar} (92%) rename yara_rules/{sekoiaio_apt_aridviper_rustsysjoker.yar => apt_aridviper_rustsysjoker.yar} (93%) rename yara_rules/{sekoiaio_apt_backdoordiplomaty_custommerlinagent_strings.yar => apt_backdoordiplomaty_custommerlinagent_strings.yar} (89%) rename yara_rules/{sekoiaio_apt_backdoordiplomaty_phantomnet.yar => apt_backdoordiplomaty_phantomnet.yar} (91%) rename yara_rules/{sekoiaio_apt_badmagic_commonmagic_generic_1.yar => apt_badmagic_commonmagic_generic_1.yar} (91%) rename yara_rules/{sekoiaio_apt_badmagic_commonmagic_generic_2.yar => apt_badmagic_commonmagic_generic_2.yar} (92%) rename yara_rules/{sekoiaio_apt_badmagic_commonmagic_main.yar => apt_badmagic_commonmagic_main.yar} (92%) rename yara_rules/{sekoiaio_apt_badmagic_commonmagic_screenshot_module.yar => apt_badmagic_commonmagic_screenshot_module.yar} (89%) rename yara_rules/{sekoiaio_apt_badmagic_commonmagic_usbstealer.yar => apt_badmagic_commonmagic_usbstealer.yar} (91%) rename yara_rules/{sekoiaio_apt_badmagic_generic_pshscript.yar => apt_badmagic_generic_pshscript.yar} (90%) rename yara_rules/{sekoiaio_apt_badmagic_installpzz_pshscript.yar => apt_badmagic_installpzz_pshscript.yar} (91%) rename 
yara_rules/{sekoiaio_apt_badmagic_ld_dll_loader_pshscript.yar => apt_badmagic_ld_dll_loader_pshscript.yar} (90%) rename yara_rules/{sekoiaio_apt_badmagic_listfiles_pshscript.yar => apt_badmagic_listfiles_pshscript.yar} (89%) rename yara_rules/{sekoiaio_apt_badmagic_malicious_lnk.yar => apt_badmagic_malicious_lnk.yar} (92%) rename yara_rules/{sekoiaio_apt_badmagic_modules.yar => apt_badmagic_modules.yar} (93%) rename yara_rules/{sekoiaio_apt_badmagic_reco_pshscript.yar => apt_badmagic_reco_pshscript.yar} (91%) rename yara_rules/{sekoiaio_apt_badmagic_startngrok_pshscript.yar => apt_badmagic_startngrok_pshscript.yar} (91%) rename yara_rules/{sekoiaio_apt_badmagic_startrevsocks_pshscript.yar => apt_badmagic_startrevsocks_pshscript.yar} (89%) rename yara_rules/{sekoiaio_apt_blackwood_nspx30_plugin.yar => apt_blackwood_nspx30_plugin.yar} (92%) rename yara_rules/{sekoiaio_apt_boldmove_strings.yar => apt_boldmove_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_buhtrap_maldocx.yar => apt_buhtrap_maldocx.yar} (95%) rename yara_rules/{sekoiaio_apt_cerana_keeper_dropboxflop.yar => apt_cerana_keeper_dropboxflop.yar} (91%) rename yara_rules/{sekoiaio_apt_cerana_keeper_yk0130.yar => apt_cerana_keeper_yk0130.yar} (92%) rename yara_rules/{sekoiaio_apt_cloudatlas_init_module_virtualalloc.yar => apt_cloudatlas_init_module_virtualalloc.yar} (93%) rename yara_rules/{sekoiaio_apt_cloudatlas_powershower_clean.yar => apt_cloudatlas_powershower_clean.yar} (92%) rename yara_rules/{sekoiaio_apt_cloudatlas_powershower_module.yar => apt_cloudatlas_powershower_module.yar} (90%) rename yara_rules/{sekoiaio_apt_cloudatlas_powershower_obfuscated.yar => apt_cloudatlas_powershower_obfuscated.yar} (91%) rename yara_rules/{sekoiaio_apt_cloudatlas_powershower_variant.yar => apt_cloudatlas_powershower_variant.yar} (90%) rename yara_rules/{sekoiaio_apt_cloudatlas_powertunnel.yar => apt_cloudatlas_powertunnel.yar} (92%) rename yara_rules/{sekoiaio_apt_cloudatlas_powertunnel_loader.yar => 
apt_cloudatlas_powertunnel_loader.yar} (91%) rename yara_rules/{sekoiaio_apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar => apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar} (89%) rename yara_rules/{sekoiaio_apt_cloudatlas_stagescalldllmainafterexec.yar => apt_cloudatlas_stagescalldllmainafterexec.yar} (93%) rename yara_rules/{sekoiaio_apt_cloudmensis_downloader_strings.yar => apt_cloudmensis_downloader_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_cloudmensis_spyagent_strings.yar => apt_cloudmensis_spyagent_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_coathanger_beacon.yar => apt_coathanger_beacon.yar} (93%) rename yara_rules/{sekoiaio_apt_coathanger_files.yar => apt_coathanger_files.yar} (94%) rename yara_rules/{sekoiaio_apt_cottonsandstorm_win_implant.yar => apt_cottonsandstorm_win_implant.yar} (93%) rename yara_rules/{sekoiaio_apt_dark_pink_pdb_path.yar => apt_dark_pink_pdb_path.yar} (94%) rename yara_rules/{sekoiaio_apt_darkpink_kamikakabot_strings.yar => apt_darkpink_kamikakabot_strings.yar} (95%) rename yara_rules/{sekoiaio_apt_darkpink_loader_decryptionroutine.yar => apt_darkpink_loader_decryptionroutine.yar} (95%) rename yara_rules/{sekoiaio_apt_darkpink_sample.yar => apt_darkpink_sample.yar} (94%) rename yara_rules/{sekoiaio_apt_emberbear_credpump_strings.yar => apt_emberbear_credpump_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_luckymouse_sysupdate_removing_tool.yar => apt_emissarypanda_sysupdate_removing_tool.yar} (90%) rename yara_rules/{sekoiaio_apt_emissarypanda_web_auto_attack_tool.yar => apt_emissarypanda_web_auto_attack_tool.yar} (92%) rename yara_rules/{sekoiaio_apt_evasive_panda_downloader_certificate_exe.yar => apt_evasive_panda_downloader_certificate_exe.yar} (88%) rename yara_rules/{sekoiaio_apt_evasive_panda_rphost_dll.yar => apt_evasive_panda_rphost_dll.yar} (92%) rename yara_rules/{sekoiaio_apt_flightnight_malicious_lnk.yar => apt_flightnight_malicious_lnk.yar} (92%) rename 
yara_rules/{sekoiaio_apt_gamaredon_ddrdoh_powershell_backdoor.yar => apt_gamaredon_ddrdoh_powershell_backdoor.yar} (91%) rename yara_rules/{sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader.yar => apt_gamaredon_ddrdoh_vbs_downloader.yar} (94%) rename yara_rules/{sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar => apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar} (92%) rename yara_rules/{sekoiaio_apt_gamaredon_doc_external_template.yar => apt_gamaredon_doc_external_template.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_flash_infostealer.yar => apt_gamaredon_flash_infostealer.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader.yar => apt_gamaredon_gamaredon_lnk_usb_spreader.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar => apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_gammaload_malicioushta.yar => apt_gamaredon_gammaload_malicioushta.yar} (92%) rename yara_rules/{sekoiaio_apt_gamaredon_gammaload_maliciouslnk.yar => apt_gamaredon_gammaload_maliciouslnk.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_getlogicaldrive_hunting.yar => apt_gamaredon_getlogicaldrive_hunting.yar} (91%) rename yara_rules/{sekoiaio_apt_gamaredon_htmlsmuggling_2024.yar => apt_gamaredon_htmlsmuggling_2024.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_htmlsmuggling_attachment.yar => apt_gamaredon_htmlsmuggling_attachment.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_htmlsmuggling_attachment_stage2.yar => apt_gamaredon_htmlsmuggling_attachment_stage2.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_lnk.yar => apt_gamaredon_lnk.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_lnk_spreader.yar => apt_gamaredon_lnk_spreader.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_lnks_farl139_hostname.yar => apt_gamaredon_lnks_farl139_hostname.yar} (89%) rename yara_rules/{sekoiaio_apt_gamaredon_powerrevshell.yar => apt_gamaredon_powerrevshell.yar} 
(91%) rename yara_rules/{sekoiaio_apt_gamaredon_stealer_obfuscation_1.yar => apt_gamaredon_stealer_obfuscation_1.yar} (92%) rename yara_rules/{sekoiaio_apt_gamaredon_stealer_obfuscation_2.yar => apt_gamaredon_stealer_obfuscation_2.yar} (90%) rename yara_rules/{sekoiaio_apt_gamaredon_subtle_paws.yar => apt_gamaredon_subtle_paws.yar} (93%) rename yara_rules/{sekoiaio_apt_gamaredon_vbs_downloader.yar => apt_gamaredon_vbs_downloader.yar} (94%) rename yara_rules/{sekoiaio_apt_gelsemium_firewood_backdoor.yar => apt_gelsemium_firewood_backdoor.yar} (92%) rename yara_rules/{sekoiaio_apt_gelsemium_wolfsbane_backdoor.yar => apt_gelsemium_wolfsbane_backdoor.yar} (92%) rename yara_rules/{sekoiaio_apt_gelsemium_wolfsbane_launcher.yar => apt_gelsemium_wolfsbane_launcher.yar} (92%) rename yara_rules/{sekoiaio_apt_gelsemium_wolfsbane_rootkit.yar => apt_gelsemium_wolfsbane_rootkit.yar} (93%) rename yara_rules/{sekoiaio_apt_globalshadow.yar => apt_globalshadow.yar} (96%) rename yara_rules/{sekoiaio_apt_gobrat_2.yar => apt_gobrat_2.yar} (93%) rename yara_rules/{sekoiaio_apt_granitetyphoon_pingpulllinux_strings.yar => apt_granitetyphoon_pingpulllinux_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_granitetyphoon_sword2023_strings.yar => apt_granitetyphoon_sword2023_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_icepeony_icecache.yar => apt_icepeony_icecache.yar} (97%) rename yara_rules/{sekoiaio_apt_icepeony_iceevent.yar => apt_icepeony_iceevent.yar} (95%) rename yara_rules/{sekoiaio_apt_implant_xdealer_linux_variant_strings.yar => apt_implant_xdealer_linux_variant_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_implant_xdealer_stealer_strings.yar => apt_implant_xdealer_stealer_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_implant_xdealer_strings.yar => apt_implant_xdealer_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_implant_xdealer_vbs_launcher_strings.yar => apt_implant_xdealer_vbs_launcher_strings.yar} (88%) rename 
yara_rules/{sekoiaio_apt_ir_sugarush_implant.yar => apt_ir_sugarush_implant.yar} (93%) rename yara_rules/{sekoiaio_apt_ivanti_krustyloader.yar => apt_ivanti_krustyloader.yar} (95%) rename yara_rules/{sekoiaio_apt_kimsuky_fpspy.yar => apt_kimsuky_fpspy.yar} (94%) rename yara_rules/{sekoiaio_apt_kimsuky_klogexe.yar => apt_kimsuky_klogexe.yar} (96%) rename yara_rules/{sekoiaio_apt_kimsuky_malicious_gotopwsh_lnk.yar => apt_kimsuky_malicious_gotopwsh_lnk.yar} (90%) rename yara_rules/{sekoiaio_apt_kimsuky_malicious_vba.yar => apt_kimsuky_malicious_vba.yar} (91%) rename yara_rules/{sekoiaio_apt_kimsuky_powershell.yar => apt_kimsuky_powershell.yar} (95%) rename yara_rules/{sekoiaio_apt_kimsuky_powershell_dropper_strings.yar => apt_kimsuky_powershell_dropper_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_kimsuky_sharpext_compromised_securepreferences.yar => apt_kimsuky_sharpext_compromised_securepreferences.yar} (88%) rename yara_rules/{sekoiaio_apt_kimsuky_sharpext_devps1_strings.yar => apt_kimsuky_sharpext_devps1_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_kimsuky_sharpext_devtoolmodule_strings.yar => apt_kimsuky_sharpext_devtoolmodule_strings.yar} (89%) rename yara_rules/{sekoiaio_apt_kimsuky_sharpext_jsexfil_strings.yar => apt_kimsuky_sharpext_jsexfil_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_kimsuky_sharptongue_c2_source.yar => apt_kimsuky_sharptongue_c2_source.yar} (90%) rename yara_rules/{sekoiaio_apt_kimsuky_sharptongue_strings.yar => apt_kimsuky_sharptongue_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_kimsuky_sharptongue_vbslauncher_strings.yar => apt_kimsuky_sharptongue_vbslauncher_strings.yar} (88%) rename yara_rules/{sekoiaio_apt_kimsuky_toddlershark_obfuscated.yar => apt_kimsuky_toddlershark_obfuscated.yar} (92%) rename yara_rules/{sekoiaio_apt_kimsuky_toddlershark_strings.yar => apt_kimsuky_toddlershark_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_kimsuky_validator_strings.yar => apt_kimsuky_validator_strings.yar} (90%) rename 
yara_rules/{sekoiaio_apt_kimsuky_vbs.yar => apt_kimsuky_vbs.yar} (95%) rename yara_rules/{sekoiaio_apt_kimsuky_vbs_powershell_downloader.yar => apt_kimsuky_vbs_powershell_downloader.yar} (90%) rename yara_rules/{sekoiaio_apt_konni.yar => apt_konni.yar} (97%) rename yara_rules/{sekoiaio_apt_konni_check_bat.yar => apt_konni_check_bat.yar} (94%) rename yara_rules/{sekoiaio_apt_konni_dropper.yar => apt_konni_dropper.yar} (93%) rename yara_rules/{sekoiaio_apt_lazarus_backdoored_jslib.yar => apt_lazarus_backdoored_jslib.yar} (91%) rename yara_rules/{sekoiaio_apt_lazarus_blindingcan_rtti.yar => apt_lazarus_blindingcan_rtti.yar} (90%) rename yara_rules/{sekoiaio_apt_lazarus_dangerouspassword_lnk.yar => apt_lazarus_dangerouspassword_lnk.yar} (94%) rename yara_rules/{sekoiaio_apt_lazarus_dll_c2_comms.yar => apt_lazarus_dll_c2_comms.yar} (97%) rename yara_rules/{sekoiaio_apt_lazarus_gopuram_backdoor.yar => apt_lazarus_gopuram_backdoor.yar} (96%) rename yara_rules/{sekoiaio_apt_lazarus_lambload_timecheck.yar => apt_lazarus_lambload_timecheck.yar} (98%) rename yara_rules/{sekoiaio_apt_lazarus_pondrat.yar => apt_lazarus_pondrat.yar} (96%) rename yara_rules/{sekoiaio_apt_lazarus_vhd_ransomware_downloader.yar => apt_lazarus_vhd_ransomware_downloader.yar} (92%) rename yara_rules/{sekoiaio_apt_lazarus_vhd_ransomware_loader.yar => apt_lazarus_vhd_ransomware_loader.yar} (94%) rename yara_rules/{sekoiaio_apt_luckymouse_compromised_electronapp.yar => apt_luckymouse_compromised_electronapp.yar} (88%) rename yara_rules/{sekoiaio_apt_luckymouse_rshell_strings.yar => apt_luckymouse_rshell_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_luckymouse_rshell_strings_all_platform.yar => apt_luckymouse_rshell_strings_all_platform.yar} (89%) rename yara_rules/{sekoiaio_apt_emissarypanda_sysupdate_removing_tool.yar => apt_luckymouse_sysupdate_removing_tool.yar} (89%) rename yara_rules/{sekoiaio_apt_malware_pocoproxy.yar => apt_malware_pocoproxy.yar} (95%) rename 
yara_rules/{sekoiaio_apt_menupass_maliciouslibvlc_dll.yar => apt_menupass_maliciouslibvlc_dll.yar} (90%) rename yara_rules/{sekoiaio_apt_micdown_encrypted_configuration.yar => apt_micdown_encrypted_configuration.yar} (90%) rename yara_rules/{sekoiaio_apt_muddywater_manifestation_backdoor.yar => apt_muddywater_manifestation_backdoor.yar} (92%) rename yara_rules/{sekoiaio_apt_muddywater_manifestation_backdoor_obfuscated.yar => apt_muddywater_manifestation_backdoor_obfuscated.yar} (90%) rename yara_rules/{sekoiaio_apt_muddywater_moriagent.yar => apt_muddywater_moriagent.yar} (95%) rename yara_rules/{sekoiaio_apt_muddywater_muddyc2go_dll_launcher_strings.yar => apt_muddywater_muddyc2go_dll_launcher_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_muddywater_powershell_reverse_secure_proxy.yar => apt_muddywater_powershell_reverse_secure_proxy.yar} (88%) rename yara_rules/{sekoiaio_apt_muddywater_powgoop_decode_loop.yar => apt_muddywater_powgoop_decode_loop.yar} (92%) rename yara_rules/{sekoiaio_apt_muddywater_powgoop_decoded.yar => apt_muddywater_powgoop_decoded.yar} (94%) rename yara_rules/{sekoiaio_apt_muddywater_powgoop_loader.yar => apt_muddywater_powgoop_loader.yar} (92%) rename yara_rules/{sekoiaio_apt_muddywater_rotrot_strings.yar => apt_muddywater_rotrot_strings.yar} (95%) rename yara_rules/{sekoiaio_apt_mustang_panda_nupakage.yar => apt_mustang_panda_nupakage.yar} (92%) rename yara_rules/{sekoiaio_apt_mustang_panda_toneins.yar => apt_mustang_panda_toneins.yar} (97%) rename yara_rules/{sekoiaio_apt_mustang_panda_toneshell.yar => apt_mustang_panda_toneshell.yar} (98%) rename yara_rules/{sekoiaio_apt_mustangpanda_coolclient.yar => apt_mustangpanda_coolclient.yar} (92%) rename yara_rules/{sekoiaio_apt_mustangpanda_decrypt_payload.yar => apt_mustangpanda_decrypt_payload.yar} (91%) rename yara_rules/{sekoiaio_apt_mustangpanda_downloader.yar => apt_mustangpanda_downloader.yar} (91%) rename yara_rules/{sekoiaio_apt_mustangpanda_malicious_lnk_worm.yar => 
apt_mustangpanda_malicious_lnk_worm.yar} (88%) rename yara_rules/{sekoiaio_apt_mustangpanda_maliciousdll_loading_plugx_strings.yar => apt_mustangpanda_maliciousdll_loading_plugx_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_mustangpanda_mqsttang_qmagent.yar => apt_mustangpanda_mqsttang_qmagent.yar} (93%) rename yara_rules/{sekoiaio_apt_mustangpanda_payload.yar => apt_mustangpanda_payload.yar} (95%) rename yara_rules/{sekoiaio_apt_mustangpanda_tinynote.yar => apt_mustangpanda_tinynote.yar} (93%) rename yara_rules/{sekoiaio_apt_mustangpanda_tonedrop.yar => apt_mustangpanda_tonedrop.yar} (97%) rename yara_rules/{sekoiaio_apt_mustangpanda_windows_remoteshell.yar => apt_mustangpanda_windows_remoteshell.yar} (98%) rename yara_rules/{sekoiaio_apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar => apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar} (88%) rename yara_rules/{sekoiaio_apt_mustangpanda_xoreddll.yar => apt_mustangpanda_xoreddll.yar} (93%) rename yara_rules/{sekoiaio_apt_mustangpanda_zpakage.yar => apt_mustangpanda_zpakage.yar} (95%) rename yara_rules/{sekoiaio_apt_nobelium_acrobox_downloader_apr2022.yar => apt_nobelium_acrobox_downloader_apr2022.yar} (91%) rename yara_rules/{sekoiaio_apt_nobelium_nativezone_gen.yar => apt_nobelium_nativezone_gen.yar} (95%) rename yara_rules/{sekoiaio_apt_oilrig_clipog_strings.yar => apt_oilrig_clipog_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_oilrig_maliciousdocument_may2022.yar => apt_oilrig_maliciousdocument_may2022.yar} (92%) rename yara_rules/{sekoiaio_apt_oilrig_odagent_strings.yar => apt_oilrig_odagent_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_oilrig_oilbooster_strings.yar => apt_oilrig_oilbooster_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_oilrig_powerexchange.yar => apt_oilrig_powerexchange.yar} (94%) rename yara_rules/{sekoiaio_apt_oilrig_saitama_backdoor_may2022.yar => apt_oilrig_saitama_backdoor_may2022.yar} (92%) rename 
yara_rules/{sekoiaio_apt_oilrig_saitama_backdoor_may2022_2.yar => apt_oilrig_saitama_backdoor_may2022_2.yar} (90%) rename yara_rules/{sekoiaio_apt_oilrig_sc5kv3_strings.yar => apt_oilrig_sc5kv3_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_oilrig_webshell.yar => apt_oilrig_webshell.yar} (92%) rename yara_rules/{sekoiaio_apt_polonium_deepcreep_strings.yar => apt_polonium_deepcreep_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_polonium_megacreep_strings.yar => apt_polonium_megacreep_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_polonium_powershell_creepydrive_strings.yar => apt_polonium_powershell_creepydrive_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_polonium_technocreep_strings.yar => apt_polonium_technocreep_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_qnapworm_loader_may2022.yar => apt_qnapworm_loader_may2022.yar} (93%) rename yara_rules/{sekoiaio_apt_queueseed.yar => apt_queueseed.yar} (96%) rename yara_rules/{sekoiaio_apt_reaper_2fa_phishing_webpage.yar => apt_reaper_2fa_phishing_webpage.yar} (93%) rename yara_rules/{sekoiaio_apt_reaper_malicious_lnk.yar => apt_reaper_malicious_lnk.yar} (89%) rename yara_rules/{sekoiaio_apt_redhotel_maliciouslnk_strings.yar => apt_redhotel_maliciouslnk_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_rusticweb_stealer.yar => apt_rusticweb_stealer.yar} (92%) rename yara_rules/{sekoiaio_apt_sandworm_awfulshred_obfuscation_apr2022.yar => apt_sandworm_awfulshred_obfuscation_apr2022.yar} (87%) rename yara_rules/{sekoiaio_apt_sandworm_caddywiper_stacked_strings.yar => apt_sandworm_caddywiper_stacked_strings.yar} (96%) rename yara_rules/{sekoiaio_apt_sandworm_notpetya_strings.yar => apt_sandworm_notpetya_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_sandworm_olympicdestroyer.yar => apt_sandworm_olympicdestroyer.yar} (93%) rename yara_rules/{sekoiaio_apt_sandworm_orcshred_apr2022.yar => apt_sandworm_orcshred_apr2022.yar} (90%) rename yara_rules/{sekoiaio_apt_sandworm_powergap_apr2022.yar => 
apt_sandworm_powergap_apr2022.yar} (93%) rename yara_rules/{sekoiaio_apt_scanbox_framework_not_obfuscated.yar => apt_scanbox_framework_not_obfuscated.yar} (92%) rename yara_rules/{sekoiaio_apt_scanbox_obfuscated_versions.yar => apt_scanbox_obfuscated_versions.yar} (92%) rename yara_rules/{sekoiaio_apt_shadowpad_first_called_function.yar => apt_shadowpad_first_called_function.yar} (93%) rename yara_rules/{sekoiaio_apt_sidecopy_actionrat_packer_strings.yar => apt_sidecopy_actionrat_packer_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_sidecopy_cheex.yar => apt_sidecopy_cheex.yar} (92%) rename yara_rules/{sekoiaio_apt_sidecopy_malicious_macro.yar => apt_sidecopy_malicious_macro.yar} (92%) rename yara_rules/{sekoiaio_apt_sidecopy_reverserat_strings.yar => apt_sidecopy_reverserat_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_sofacy_graphitemalware_generic.yar => apt_sofacy_graphitemalware_generic.yar} (93%) rename yara_rules/{sekoiaio_apt_spikedwine_malicious_hta.yar => apt_spikedwine_malicious_hta.yar} (90%) rename yara_rules/{sekoiaio_apt_spikedwine_wineloader.yar => apt_spikedwine_wineloader.yar} (94%) rename yara_rules/{sekoiaio_apt_spynote_android_dex_strings.yar => apt_spynote_android_dex_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_stripedfly.yar => apt_stripedfly.yar} (94%) rename yara_rules/{sekoiaio_apt_sugardump_credentials_stealer_http.yar => apt_sugardump_credentials_stealer_http.yar} (93%) rename yara_rules/{sekoiaio_apt_sugardump_credentials_stealer_smtp.yar => apt_sugardump_credentials_stealer_smtp.yar} (91%) rename yara_rules/{sekoiaio_apt_sugargh0stcampaign_malicious_lnk.yar => apt_sugargh0stcampaign_malicious_lnk.yar} (89%) rename yara_rules/{sekoiaio_apt_susp_apt28_uac0063_hatvibe.yar => apt_susp_apt28_uac0063_hatvibe.yar} (93%) rename yara_rules/{sekoiaio_apt_susp_apt28_uac0063_hta_loader.yar => apt_susp_apt28_uac0063_hta_loader.yar} (92%) rename yara_rules/{sekoiaio_apt_susp_apt28_uac0063_malicious_doc.yar => 
apt_susp_apt28_uac0063_malicious_doc.yar} (91%) rename yara_rules/{sekoiaio_apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar => apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar} (91%) rename yara_rules/{sekoiaio_apt_susp_apt28_uac0063_malicious_doc_vba.yar => apt_susp_apt28_uac0063_malicious_doc_vba.yar} (91%) rename yara_rules/{sekoiaio_apt_susp_lazarus_dangerous_password.yar => apt_susp_lazarus_dangerous_password.yar} (87%) rename yara_rules/{sekoiaio_apt_suspected_sandworm_sdelete_wiper.yar => apt_suspected_sandworm_sdelete_wiper.yar} (91%) rename yara_rules/{sekoiaio_apt_ta410_driver_keylogger.yar => apt_ta410_driver_keylogger.yar} (93%) rename yara_rules/{sekoiaio_apt_ta410_flowcloud_loader.yar => apt_ta410_flowcloud_loader.yar} (94%) rename yara_rules/{sekoiaio_apt_ta410_flowcloud_rtti.yar => apt_ta410_flowcloud_rtti.yar} (92%) rename yara_rules/{sekoiaio_apt_ta428_tmanger_strings.yar => apt_ta428_tmanger_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_tealkurma_snappytcp_reverse_shell_strings.yar => apt_tealkurma_snappytcp_reverse_shell_strings.yar} (89%) rename yara_rules/{sekoiaio_apt_tealkurma_snappytcp_strings.yar => apt_tealkurma_snappytcp_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_toddycat_toddybox_strings.yar => apt_toddycat_toddybox_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_toddycat_tomberbil_strings.yar => apt_toddycat_tomberbil_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_toddycat_waexp_strings.yar => apt_toddycat_waexp_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_toneshell_loader.yar => apt_toneshell_loader.yar} (97%) rename yara_rules/{sekoiaio_apt_toneshell_shellcode.yar => apt_toneshell_shellcode.yar} (95%) rename yara_rules/{sekoiaio_apt_tortoiseshell_imaploader.yar => apt_tortoiseshell_imaploader.yar} (91%) rename yara_rules/{sekoiaio_apt_tortoiseshell_wateringhole_script.yar => apt_tortoiseshell_wateringhole_script.yar} (92%) rename yara_rules/{sekoiaio_apt_turla_comlook.yar => apt_turla_comlook.yar} 
(97%) rename yara_rules/{sekoiaio_apt_turla_kazuar_variant_2023.yar => apt_turla_kazuar_variant_2023.yar} (91%) rename yara_rules/{sekoiaio_apt_uac0099_lonepage.yar => apt_uac0099_lonepage.yar} (96%) rename yara_rules/{sekoiaio_apt_uac0154_malicious_html_smuggling.yar => apt_uac0154_malicious_html_smuggling.yar} (89%) rename yara_rules/{sekoiaio_apt_uac0154_powershell_infection_chain_1.yar => apt_uac0154_powershell_infection_chain_1.yar} (88%) rename yara_rules/{sekoiaio_apt_uac0154_powershell_infection_chain_2.yar => apt_uac0154_powershell_infection_chain_2.yar} (89%) rename yara_rules/{sekoiaio_apt_unc3524_quietexit_strings.yar => apt_unc3524_quietexit_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_unc4990_emptyspace_pyc.yar => apt_unc4990_emptyspace_pyc.yar} (96%) rename yara_rules/{sekoiaio_apt_unc4990_explorer_ps1.yar => apt_unc4990_explorer_ps1.yar} (92%) rename yara_rules/{sekoiaio_apt_unc4990_explorer_ps1_reverse_b64.yar => apt_unc4990_explorer_ps1_reverse_b64.yar} (91%) rename yara_rules/{sekoiaio_apt_unk_batcopier_strings.yar => apt_unk_batcopier_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_unk_dex_china_freedom_trap_spyware.yar => apt_unk_dex_china_freedom_trap_spyware.yar} (94%) rename yara_rules/{sekoiaio_apt_unk_hrserv_memory_commands_strings.yar => apt_unk_hrserv_memory_commands_strings.yar} (91%) rename yara_rules/{sekoiaio_apt_unk_hrserv_webshell_strings.yar => apt_unk_hrserv_webshell_strings.yar} (93%) rename yara_rules/{sekoiaio_apt_unk_malicious_lnk.yar => apt_unk_malicious_lnk.yar} (94%) rename yara_rules/{sekoiaio_apt_unknown_sessionmanageriis_strings.yar => apt_unknown_sessionmanageriis_strings.yar} (92%) rename yara_rules/{sekoiaio_apt_uta0178_javascript_inclusion_strings.yar => apt_uta0178_javascript_inclusion_strings.yar} (90%) rename yara_rules/{sekoiaio_apt_uta0218_upstyle_backdoor_strings.yar => apt_uta0218_upstyle_backdoor_strings.yar} (94%) rename yara_rules/{sekoiaio_apt_win_disabledefender.yar => 
apt_win_disabledefender.yar} (93%) rename yara_rules/{sekoiaio_apt_windows_wip19_screencap.yar => apt_windows_wip19_screencap.yar} (93%) rename yara_rules/{sekoiaio_apt_yemen_apk_guardzoo.yar => apt_yemen_apk_guardzoo.yar} (97%) rename yara_rules/{sekoiaio_backdoor_blueshell.yar => backdoor_blueshell.yar} (94%) rename yara_rules/{sekoiaio_backdoor_lin_bifrost.yar => backdoor_lin_bifrost.yar} (95%) rename yara_rules/{sekoiaio_backdoor_lin_bpfdoor.yar => backdoor_lin_bpfdoor.yar} (96%) rename yara_rules/{sekoiaio_backdoor_lin_sysupdate.yar => backdoor_lin_sysupdate.yar} (93%) rename yara_rules/{sekoiaio_backdoor_mul_sparkrat.yar => backdoor_mul_sparkrat.yar} (98%) rename yara_rules/{sekoiaio_backdoor_mul_supershell_client.yar => backdoor_mul_supershell_client.yar} (95%) rename yara_rules/{sekoiaio_backdoor_opensource_northstar_strings.yar => backdoor_opensource_northstar_strings.yar} (91%) rename yara_rules/{sekoiaio_backdoor_oyster.yar => backdoor_oyster.yar} (93%) rename yara_rules/{sekoiaio_backdoor_powershellempire_batlauchers.yar => backdoor_powershellempire_batlauchers.yar} (91%) rename yara_rules/{sekoiaio_backdoor_powershellempire_csharp.yar => backdoor_powershellempire_csharp.yar} (94%) rename yara_rules/{sekoiaio_backdoor_powershellempire_gen.yar => backdoor_powershellempire_gen.yar} (90%) rename yara_rules/{sekoiaio_backdoor_powershellempire_python.yar => backdoor_powershellempire_python.yar} (89%) rename yara_rules/{sekoiaio_backdoor_powershellempire_sharpire.yar => backdoor_powershellempire_sharpire.yar} (91%) rename yara_rules/{sekoiaio_backdoor_sandman_strings.yar => backdoor_sandman_strings.yar} (93%) rename yara_rules/{sekoiaio_backdoor_win_andardoor.yar => backdoor_win_andardoor.yar} (96%) rename yara_rules/{sekoiaio_backdoor_win_blackrat.yar => backdoor_win_blackrat.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_feedload.yar => backdoor_win_feedload.yar} (92%) rename yara_rules/{sekoiaio_backdoor_win_foresttiger.yar => 
backdoor_win_foresttiger.yar} (95%) rename yara_rules/{sekoiaio_backdoor_win_headertip.yar => backdoor_win_headertip.yar} (96%) rename yara_rules/{sekoiaio_backdoor_win_ketrum2.yar => backdoor_win_ketrum2.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_kimsuky.yar => backdoor_win_kimsuky.yar} (98%) rename yara_rules/{sekoiaio_backdoor_win_mgbot_main.yar => backdoor_win_mgbot_main.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_minibike.yar => backdoor_win_minibike.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_minibus.yar => backdoor_win_minibus.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_nukesped_andariel.yar => backdoor_win_nukesped_andariel.yar} (94%) rename yara_rules/{sekoiaio_backdoor_win_rokrat.yar => backdoor_win_rokrat.yar} (98%) rename yara_rules/{sekoiaio_backdoor_win_rollsling.yar => backdoor_win_rollsling.yar} (96%) rename yara_rules/{sekoiaio_backdoor_win_sidewinder_cobaltstrike_2022_09.yar => backdoor_win_sidewinder_cobaltstrike_2022_09.yar} (94%) rename yara_rules/{sekoiaio_backdoor_win_spacecolon.yar => backdoor_win_spacecolon.yar} (97%) rename yara_rules/{sekoiaio_backdoor_win_sponsor.yar => backdoor_win_sponsor.yar} (96%) rename yara_rules/{sekoiaio_backdoor_win_volgmer.yar => backdoor_win_volgmer.yar} (96%) rename yara_rules/{sekoiaio_backdoor_win_warhawk.yar => backdoor_win_warhawk.yar} (98%) rename yara_rules/{sekoiaio_backdoor_win_winordll64.yar => backdoor_win_winordll64.yar} (96%) rename yara_rules/{sekoiaio_backdoor_xploitspy_strings.yar => backdoor_xploitspy_strings.yar} (94%) rename yara_rules/{sekoiaio_backoor_win_gobear.yar => backoor_win_gobear.yar} (95%) rename yara_rules/{sekoiaio_backoor_win_tinyturla_ng.yar => backoor_win_tinyturla_ng.yar} (95%) rename yara_rules/{sekoiaio_bot_lin_enemybot_april22.yar => bot_lin_enemybot_april22.yar} (96%) rename yara_rules/{sekoiaio_bot_lin_kinsing_strings.yar => bot_lin_kinsing_strings.yar} (94%) rename yara_rules/{sekoiaio_bot_lin_lucifer_strings.yar => 
bot_lin_lucifer_strings.yar} (94%) rename yara_rules/{sekoiaio_bot_lin_xorddos_strings.yar => bot_lin_xorddos_strings.yar} (95%) rename yara_rules/{sekoiaio_bot_lin_zerobot_dec22.yar => bot_lin_zerobot_dec22.yar} (96%) rename yara_rules/{sekoiaio_bot_win_yamabot.yar => bot_win_yamabot.yar} (96%) rename yara_rules/{sekoiaio_botnet_lin_tsunami.yar => botnet_lin_tsunami.yar} (94%) rename yara_rules/{sekoiaio_builder_win_royalroad_rtf.yar => builder_win_royalroad_rtf.yar} (91%) rename yara_rules/{sekoiaio_bumblebee_loader.yar => bumblebee_loader.yar} (95%) rename yara_rules/{sekoiaio_bumblebee_vhd.yar => bumblebee_vhd.yar} (95%) rename yara_rules/{sekoiaio_clipper_win_atlas_strings.yar => clipper_win_atlas_strings.yar} (93%) rename yara_rules/{sekoiaio_clipper_win_cryptoclippy.yar => clipper_win_cryptoclippy.yar} (95%) rename yara_rules/{sekoiaio_clwiper_strings.yar => clwiper_strings.yar} (94%) rename yara_rules/{sekoiaio_crime_sload_mainpowershellimplant.yar => crime_sload_mainpowershellimplant.yar} (96%) rename yara_rules/{sekoiaio_crime_sload_powershellarchiveexfiltrator_strings.yar => crime_sload_powershellarchiveexfiltrator_strings.yar} (86%) rename yara_rules/{sekoiaio_crime_sload_scheduledtask_dropper_strings.yar => crime_sload_scheduledtask_dropper_strings.yar} (88%) rename yara_rules/{sekoiaio_crime_sload_vbs_downloader_strings_1.yar => crime_sload_vbs_downloader_strings_1.yar} (91%) rename yara_rules/{sekoiaio_crime_sload_vbs_downloader_strings_2.yar => crime_sload_vbs_downloader_strings_2.yar} (91%) rename yara_rules/{sekoiaio_crime_sload_vbs_wsf_downloader.yar => crime_sload_vbs_wsf_downloader.yar} (94%) rename yara_rules/{sekoiaio_crime_sload_zip_archives.yar => crime_sload_zip_archives.yar} (93%) rename yara_rules/{sekoiaio_crimeware_njrat_strings.yar => crimeware_njrat_strings.yar} (94%) rename yara_rules/{sekoiaio_crybercrime_prophetspider_proxy.yar => crybercrime_prophetspider_proxy.yar} (94%) rename yara_rules/{sekoiaio_crypter_vbs_to_exe.yar => 
crypter_vbs_to_exe.yar} (96%) rename yara_rules/{sekoiaio_crypter_win_dotrunpex.yar => crypter_win_dotrunpex.yar} (93%) rename yara_rules/{sekoiaio_darkriver_encodedurl.yar => darkriver_encodedurl.yar} (95%) rename yara_rules/{sekoiaio_dotnet_injector_new_payload.yar => dotnet_injector_new_payload.yar} (94%) rename yara_rules/{sekoiaio_downloader_kimsuky_lnk.yar => downloader_kimsuky_lnk.yar} (95%) rename yara_rules/{sekoiaio_downloader_mac_rustbucket.yar => downloader_mac_rustbucket.yar} (96%) rename yara_rules/{sekoiaio_downloader_mac_rustbucket_swiftloader.yar => downloader_mac_rustbucket_swiftloader.yar} (92%) rename yara_rules/{sekoiaio_downloader_mac_smooth_operator.yar => downloader_mac_smooth_operator.yar} (89%) rename yara_rules/{sekoiaio_downloader_win_andarloader.yar => downloader_win_andarloader.yar} (94%) rename yara_rules/{sekoiaio_downloader_win_apt33_tickler.yar => downloader_win_apt33_tickler.yar} (97%) rename yara_rules/{sekoiaio_downloader_win_cobianrat.yar => downloader_win_cobianrat.yar} (95%) rename yara_rules/{sekoiaio_downloader_win_curl_agent.yar => downloader_win_curl_agent.yar} (93%) rename yara_rules/{sekoiaio_downloader_win_donot.yar => downloader_win_donot.yar} (97%) rename yara_rules/{sekoiaio_downloader_win_fake_tor_browser.yar => downloader_win_fake_tor_browser.yar} (92%) rename yara_rules/{sekoiaio_downloader_win_newsterminal.yar => downloader_win_newsterminal.yar} (95%) rename yara_rules/{sekoiaio_downloader_win_search.yar => downloader_win_search.yar} (94%) rename yara_rules/{sekoiaio_dropper_mac_lazarus_manuscrypt.yar => dropper_mac_lazarus_manuscrypt.yar} (93%) rename yara_rules/{sekoiaio_dropper_win_konni_cab.yar => dropper_win_konni_cab.yar} (92%) rename yara_rules/{sekoiaio_dropper_win_ninerat.yar => dropper_win_ninerat.yar} (97%) rename yara_rules/{sekoiaio_dropper_win_romcom_dropper.yar => dropper_win_romcom_dropper.yar} (95%) rename yara_rules/{sekoiaio_dropper_win_selfau3.yar => dropper_win_selfau3.yar} (95%) rename 
yara_rules/{sekoiaio_emmenhtal_strings_hta_exe.yar => emmenhtal_strings_hta_exe.yar} (94%) rename yara_rules/{sekoiaio_evilnumpayload_fmtstr.yar => evilnumpayload_fmtstr.yar} (95%) rename yara_rules/{sekoiaio_exploit_cve20191458_strings.yar => exploit_cve20191458_strings.yar} (93%) rename yara_rules/{sekoiaio_exploit_ez_pwnkit_strings.yar => exploit_ez_pwnkit_strings.yar} (91%) rename yara_rules/{sekoiaio_exploit_linux_eop_cve20177308_strings.yar => exploit_linux_eop_cve20177308_strings.yar} (91%) rename yara_rules/{sekoiaio_exploit_linux_eop_cve202121974_exploit_strings.yar => exploit_linux_eop_cve202121974_exploit_strings.yar} (89%) rename yara_rules/{sekoiaio_exploit_linux_eop_dirtyc0w_strings.yar => exploit_linux_eop_dirtyc0w_strings.yar} (90%) rename yara_rules/{sekoiaio_exploit_linux_eop_dirtypipe_strings.yar => exploit_linux_eop_dirtypipe_strings.yar} (91%) rename yara_rules/{sekoiaio_exploit_linux_eop_polkit_pkexec_strings.yar => exploit_linux_eop_polkit_pkexec_strings.yar} (90%) rename yara_rules/{sekoiaio_exploit_linux_eop_pwnkit_strings.yar => exploit_linux_eop_pwnkit_strings.yar} (92%) rename yara_rules/{sekoiaio_exploit_linux_eop_rationallove_strings.yar => exploit_linux_eop_rationallove_strings.yar} (91%) rename yara_rules/{sekoiaio_exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar => exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar} (88%) rename yara_rules/{sekoiaio_exploit_win_cloudatlas_cve_2018_0798.yar => exploit_win_cloudatlas_cve_2018_0798.yar} (93%) rename yara_rules/{sekoiaio_gen_empire_onedrive_stager.yar => gen_empire_onedrive_stager.yar} (91%) rename yara_rules/{sekoiaio_generic_bat_script_mock_http_services.yar => generic_bat_script_mock_http_services.yar} (92%) rename yara_rules/{sekoiaio_generic_perl_reverse_shell.yar => generic_perl_reverse_shell.yar} (91%) rename yara_rules/{sekoiaio_generic_php_webshell.yar => generic_php_webshell.yar} (90%) rename yara_rules/{sekoiaio_generic_python_reverse_shell.yar => 
generic_python_reverse_shell.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_1.yar => generic_sharpshooter_payload_1.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_10.yar => generic_sharpshooter_payload_10.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_11.yar => generic_sharpshooter_payload_11.yar} (92%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_12.yar => generic_sharpshooter_payload_12.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_13.yar => generic_sharpshooter_payload_13.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_2.yar => generic_sharpshooter_payload_2.yar} (90%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_3.yar => generic_sharpshooter_payload_3.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_4.yar => generic_sharpshooter_payload_4.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_5.yar => generic_sharpshooter_payload_5.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_6.yar => generic_sharpshooter_payload_6.yar} (92%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_7.yar => generic_sharpshooter_payload_7.yar} (91%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_8.yar => generic_sharpshooter_payload_8.yar} (92%) rename yara_rules/{sekoiaio_generic_sharpshooter_payload_9.yar => generic_sharpshooter_payload_9.yar} (91%) rename yara_rules/{sekoiaio_generic_tor_hidden_service_leading_to_winports.yar => generic_tor_hidden_service_leading_to_winports.yar} (90%) rename yara_rules/{sekoiaio_guerrilla_lemongroup.yar => guerrilla_lemongroup.yar} (95%) rename yara_rules/{sekoiaio_guloader_lnk_file.yar => guloader_lnk_file.yar} (93%) rename yara_rules/{sekoiaio_guloader_powershell_1.yar => guloader_powershell_1.yar} (93%) rename yara_rules/{sekoiaio_guloader_unpacker.yar => guloader_unpacker.yar} (94%) rename yara_rules/{sekoiaio_guloader_unpacker_decoded.yar => 
guloader_unpacker_decoded.yar} (92%) rename yara_rules/{sekoiaio_guloader_vbscript.yar => guloader_vbscript.yar} (93%) rename yara_rules/{sekoiaio_hacktool_credentialkatz.yar => hacktool_credentialkatz.yar} (97%) rename yara_rules/{sekoiaio_hacktool_defendercontrol_strings.yar => hacktool_defendercontrol_strings.yar} (91%) rename yara_rules/{sekoiaio_hacktool_dnscat2_strings.yar => hacktool_dnscat2_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_duplicatedump_strings.yar => hacktool_duplicatedump_strings.yar} (93%) rename yara_rules/{sekoiaio_hacktool_earthworm_strings.yar => hacktool_earthworm_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_fscan_strings.yar => hacktool_fscan_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_gtunnel_strings.yar => hacktool_gtunnel_strings.yar} (95%) rename yara_rules/{sekoiaio_hacktool_impacket_compiled_binary.yar => hacktool_impacket_compiled_binary.yar} (96%) rename yara_rules/{sekoiaio_hacktool_iox_tunneling.yar => hacktool_iox_tunneling.yar} (94%) rename yara_rules/{sekoiaio_hacktool_ipmipwner_strings.yar => hacktool_ipmipwner_strings.yar} (91%) rename yara_rules/{sekoiaio_hacktool_lazagne_strings.yar => hacktool_lazagne_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_ligolo_relay_strings.yar => hacktool_ligolo_relay_strings.yar} (92%) rename yara_rules/{sekoiaio_hacktool_ligolo_strings.yar => hacktool_ligolo_strings.yar} (93%) rename yara_rules/{sekoiaio_hacktool_microsocks_strings.yar => hacktool_microsocks_strings.yar} (91%) rename yara_rules/{sekoiaio_hacktool_mimikat_ssp_strings.yar => hacktool_mimikat_ssp_strings.yar} (92%) rename yara_rules/{sekoiaio_hacktool_mimikatz_obfuscated.yar => hacktool_mimikatz_obfuscated.yar} (94%) rename yara_rules/{sekoiaio_hacktool_mimilite.yar => hacktool_mimilite.yar} (96%) rename yara_rules/{sekoiaio_hacktool_nbtscan_strings.yar => hacktool_nbtscan_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_ntdsdumpex_strings.yar => 
hacktool_ntdsdumpex_strings.yar} (93%) rename yara_rules/{sekoiaio_hacktool_ntospy_strings.yar => hacktool_ntospy_strings.yar} (92%) rename yara_rules/{sekoiaio_hacktool_pplblade_strings.yar => hacktool_pplblade_strings.yar} (92%) rename yara_rules/{sekoiaio_hacktool_rubeus_strings.yar => hacktool_rubeus_strings.yar} (93%) rename yara_rules/{sekoiaio_hacktool_sharpview_strings.yar => hacktool_sharpview_strings.yar} (93%) rename yara_rules/{sekoiaio_hacktool_socat_strings.yar => hacktool_socat_strings.yar} (92%) rename yara_rules/{sekoiaio_hacktool_stowaway_strings.yar => hacktool_stowaway_strings.yar} (94%) rename yara_rules/{sekoiaio_hacktool_win_cookiekatz.yar => hacktool_win_cookiekatz.yar} (97%) rename yara_rules/{sekoiaio_hacktool_win_gmer.yar => hacktool_win_gmer.yar} (95%) rename yara_rules/{sekoiaio_hacktool_win_powertool.yar => hacktool_win_powertool.yar} (95%) rename yara_rules/{sekoiaio_hacktool_win_processhacker.yar => hacktool_win_processhacker.yar} (92%) rename yara_rules/{sekoiaio_hacktool_win_uknowseckeylogger.yar => hacktool_win_uknowseckeylogger.yar} (93%) rename yara_rules/{sekoiaio_hafnium_tarrask_malware.yar => hafnium_tarrask_malware.yar} (91%) rename yara_rules/{sekoiaio_icebot_exported_function.yar => icebot_exported_function.yar} (99%) rename yara_rules/{sekoiaio_icedid_chm_ttp.yar => icedid_chm_ttp.yar} (95%) rename yara_rules/{sekoiaio_implant_any_sliver.yar => implant_any_sliver.yar} (95%) rename yara_rules/{sekoiaio_implant_any_sliver_not_stripped.yar => implant_any_sliver_not_stripped.yar} (93%) rename yara_rules/{sekoiaio_implant_lin_geacon.yar => implant_lin_geacon.yar} (97%) rename yara_rules/{sekoiaio_implant_lin_lightning.yar => implant_lin_lightning.yar} (95%) rename yara_rules/{sekoiaio_implant_mac_rustbucket.yar => implant_mac_rustbucket.yar} (94%) rename yara_rules/{sekoiaio_implant_mac_smoothoperator_update_agent.yar => implant_mac_smoothoperator_update_agent.yar} (90%) rename yara_rules/{sekoiaio_implant_macos_geacon.yar => 
implant_macos_geacon.yar} (97%) rename yara_rules/{sekoiaio_implant_mul_alchimist.yar => implant_mul_alchimist.yar} (95%) rename yara_rules/{sekoiaio_implant_win_apt29_2022_10.yar => implant_win_apt29_2022_10.yar} (94%) rename yara_rules/{sekoiaio_implant_win_flagpro.yar => implant_win_flagpro.yar} (97%) rename yara_rules/{sekoiaio_implant_win_geacon.yar => implant_win_geacon.yar} (97%) rename yara_rules/{sekoiaio_implant_win_graphiron_downloader.yar => implant_win_graphiron_downloader.yar} (94%) rename yara_rules/{sekoiaio_implant_win_havoc_default_strings.yar => implant_win_havoc_default_strings.yar} (94%) rename yara_rules/{sekoiaio_implant_win_incontroller.yar => implant_win_incontroller.yar} (98%) rename yara_rules/{sekoiaio_implant_win_knotweed_jumplump.yar => implant_win_knotweed_jumplump.yar} (98%) rename yara_rules/{sekoiaio_implant_win_lyceum.yar => implant_win_lyceum.yar} (96%) rename yara_rules/{sekoiaio_implant_win_magicrat.yar => implant_win_magicrat.yar} (96%) rename yara_rules/{sekoiaio_implant_win_mysterysnail.yar => implant_win_mysterysnail.yar} (97%) rename yara_rules/{sekoiaio_implant_win_pingpull.yar => implant_win_pingpull.yar} (93%) rename yara_rules/{sekoiaio_implant_win_quantum_builder_lnk.yar => implant_win_quantum_builder_lnk.yar} (96%) rename yara_rules/{sekoiaio_implant_win_quasarrat.yar => implant_win_quasarrat.yar} (96%) rename yara_rules/{sekoiaio_implant_win_sliver_dll.yar => implant_win_sliver_dll.yar} (95%) rename yara_rules/{sekoiaio_in2al5d_p3in4er_loader.yar => in2al5d_p3in4er_loader.yar} (92%) rename yara_rules/{sekoiaio_infostealer_mac_realst.yar => infostealer_mac_realst.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_44caliber.yar => infostealer_win_44caliber.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_acridrain_mar23.yar => infostealer_win_acridrain_mar23.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_acrstealer_str.yar => infostealer_win_acrstealer_str.yar} (95%) rename 
yara_rules/{sekoiaio_infostealer_win_agrat.yar => infostealer_win_agrat.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_aurora.yar => infostealer_win_aurora.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_aurora_str.yar => infostealer_win_aurora_str.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_banditstealer.yar => infostealer_win_banditstealer.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_bebra.yar => infostealer_win_bebra.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_blackcap.yar => infostealer_win_blackcap.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_blackguard_mar23.yar => infostealer_win_blackguard_mar23.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_blustealer.yar => infostealer_win_blustealer.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_cinoshistealer.yar => infostealer_win_cinoshistealer.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_daolpu_str.yar => infostealer_win_daolpu_str.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_doenerium_str.yar => infostealer_win_doenerium_str.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_ducklogs.yar => infostealer_win_ducklogs.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_edgeguard.yar => infostealer_win_edgeguard.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_enigma_initial_loader.yar => infostealer_win_enigma_initial_loader.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_enigma_loader_module.yar => infostealer_win_enigma_loader_module.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_enigma_stealer_module.yar => infostealer_win_enigma_stealer_module.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_eternity.yar => infostealer_win_eternity.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_fwit_strings.yar => infostealer_win_fwit_strings.yar} (90%) rename yara_rules/{sekoiaio_infostealer_win_ginzostealer_str.yar => infostealer_win_ginzostealer_str.yar} (96%) rename 
yara_rules/{sekoiaio_infostealer_win_gomorrah.yar => infostealer_win_gomorrah.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_grmsk_strings.yar => infostealer_win_grmsk_strings.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_irontiger_chrome_stealer.yar => infostealer_win_irontiger_chrome_stealer.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_leaf.yar => infostealer_win_leaf.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_lighting.yar => infostealer_win_lighting.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_lumma_strings_aug23.yar => infostealer_win_lumma_strings_aug23.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_lumma_strings_sept23.yar => infostealer_win_lumma_strings_sept23.yar} (93%) rename yara_rules/{sekoiaio_infostealer_win_mars_stealer.yar => infostealer_win_mars_stealer.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_mars_stealer_variant_llcppc1.yar => infostealer_win_mars_stealer_variant_llcppc1.yar} (88%) rename yara_rules/{sekoiaio_infostealer_win_mars_stealer_xor_routine.yar => infostealer_win_mars_stealer_xor_routine.yar} (90%) rename yara_rules/{sekoiaio_infostealer_win_meduzastealer.yar => infostealer_win_meduzastealer.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_metastealer_strings.yar => infostealer_win_metastealer_strings.yar} (90%) rename yara_rules/{sekoiaio_infostealer_win_monster_stub.yar => infostealer_win_monster_stub.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_nekostealer.yar => infostealer_win_nekostealer.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_nemesis_in_memory.yar => infostealer_win_nemesis_in_memory.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_nosu.yar => infostealer_win_nosu.yar} (93%) rename yara_rules/{sekoiaio_infostealer_win_pennywise_mar23.yar => infostealer_win_pennywise_mar23.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_phoenix.yar => infostealer_win_phoenix.yar} (96%) rename 
yara_rules/{sekoiaio_infostealer_win_phoenixwave.yar => infostealer_win_phoenixwave.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_raccoon_str_takemypainback.yar => infostealer_win_raccoon_str_takemypainback.yar} (90%) rename yara_rules/{sekoiaio_infostealer_win_redline_strings.yar => infostealer_win_redline_strings.yar} (98%) rename yara_rules/{sekoiaio_infostealer_win_solarmarker_dll.yar => infostealer_win_solarmarker_dll.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_solarmarker_powershell.yar => infostealer_win_solarmarker_powershell.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_spacestealer.yar => infostealer_win_spacestealer.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_stealc.yar => infostealer_win_stealc.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_stealc_str_oct24.yar => infostealer_win_stealc_str_oct24.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_stealerium.yar => infostealer_win_stealerium.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_stormkitty.yar => infostealer_win_stormkitty.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_stormkitty_exfil_urls.yar => infostealer_win_stormkitty_exfil_urls.yar} (91%) rename yara_rules/{sekoiaio_infostealer_win_titan.yar => infostealer_win_titan.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_vidar_str_jul22.yar => infostealer_win_vidar_str_jul22.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_vidar_strings_nov23.yar => infostealer_win_vidar_strings_nov23.yar} (95%) rename yara_rules/{sekoiaio_infostealer_win_vulturi.yar => infostealer_win_vulturi.yar} (97%) rename yara_rules/{sekoiaio_infostealer_win_whitesnake_loader_feb23.yar => infostealer_win_whitesnake_loader_feb23.yar} (92%) rename yara_rules/{sekoiaio_infostealer_win_whitesnake_stealer_feb23.yar => infostealer_win_whitesnake_stealer_feb23.yar} (94%) rename yara_rules/{sekoiaio_infostealer_win_whitesnake_xor_rc4_july12.yar => infostealer_win_whitesnake_xor_rc4_july12.yar} (92%) 
rename yara_rules/{sekoiaio_infostealer_win_xehook_str.yar => infostealer_win_xehook_str.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_xenostealer_strings.yar => infostealer_win_xenostealer_strings.yar} (96%) rename yara_rules/{sekoiaio_infostealer_win_xfiles.yar => infostealer_win_xfiles.yar} (97%) rename yara_rules/{sekoiaio_installer_win_minibus.yar => installer_win_minibus.yar} (95%) rename yara_rules/{sekoiaio_keylogger_win_donot.yar => keylogger_win_donot.yar} (93%) rename yara_rules/{sekoiaio_killfloor_avkiller_strings.yar => killfloor_avkiller_strings.yar} (95%) rename yara_rules/{sekoiaio_kimsuky_konni_dll.yar => kimsuky_konni_dll.yar} (97%) rename yara_rules/{sekoiaio_koi_koiloader.yar => koi_koiloader.yar} (94%) rename yara_rules/{sekoiaio_koi_netstealer.yar => koi_netstealer.yar} (94%) rename yara_rules/{sekoiaio_koi_powershell_loading_obfuscatednet.yar => koi_powershell_loading_obfuscatednet.yar} (91%) rename yara_rules/{sekoiaio_koiloader_lnk.yar => koiloader_lnk.yar} (95%) rename yara_rules/{sekoiaio_koiloader_powershell_reflective_loading.yar => koiloader_powershell_reflective_loading.yar} (91%) rename yara_rules/{sekoiaio_latrodectus_br4_js_dropper.yar => latrodectus_br4_js_dropper.yar} (91%) rename yara_rules/{sekoiaio_latrodectus_exports.yar => latrodectus_exports.yar} (92%) rename yara_rules/{sekoiaio_launcher_win_bluehaze.yar => launcher_win_bluehaze.yar} (97%) rename yara_rules/{sekoiaio_launcher_win_mistcloak.yar => launcher_win_mistcloak.yar} (96%) rename yara_rules/{sekoiaio_launcher_win_romcom_launcher.yar => launcher_win_romcom_launcher.yar} (93%) rename yara_rules/{sekoiaio_launcher_win_stealthmutant_bat_launcher.yar => launcher_win_stealthmutant_bat_launcher.yar} (93%) rename yara_rules/{sekoiaio_lnk_astaroth.yar => lnk_astaroth.yar} (97%) rename yara_rules/{sekoiaio_loader_amadey_clipper_plugin.yar => loader_amadey_clipper_plugin.yar} (94%) rename yara_rules/{sekoiaio_loader_amadey_standalone_may23.yar => 
loader_amadey_standalone_may23.yar} (91%) rename yara_rules/{sekoiaio_loader_amadey_stealer_plugin.yar => loader_amadey_stealer_plugin.yar} (96%) rename yara_rules/{sekoiaio_loader_fakebat_initial_powershell_may24.yar => loader_fakebat_initial_powershell_may24.yar} (91%) rename yara_rules/{sekoiaio_loader_fakebat_powershell_fingerprint_may24.yar => loader_fakebat_powershell_fingerprint_may24.yar} (94%) rename yara_rules/{sekoiaio_loader_latrodectus_dll.yar => loader_latrodectus_dll.yar} (97%) rename yara_rules/{sekoiaio_loader_win_abcloader.yar => loader_win_abcloader.yar} (95%) rename yara_rules/{sekoiaio_loader_win_aresloader.yar => loader_win_aresloader.yar} (96%) rename yara_rules/{sekoiaio_loader_win_batloader_scripts.yar => loader_win_batloader_scripts.yar} (96%) rename yara_rules/{sekoiaio_loader_win_bumblebee.yar => loader_win_bumblebee.yar} (93%) rename yara_rules/{sekoiaio_loader_win_dodgebox.yar => loader_win_dodgebox.yar} (97%) rename yara_rules/{sekoiaio_loader_win_doppeldridex.yar => loader_win_doppeldridex.yar} (97%) rename yara_rules/{sekoiaio_loader_win_erbium.yar => loader_win_erbium.yar} (95%) rename yara_rules/{sekoiaio_loader_win_fudloader.yar => loader_win_fudloader.yar} (95%) rename yara_rules/{sekoiaio_loader_win_gcleaner.yar => loader_win_gcleaner.yar} (95%) rename yara_rules/{sekoiaio_loader_win_goshellcode.yar => loader_win_goshellcode.yar} (95%) rename yara_rules/{sekoiaio_loader_win_jennlog.yar => loader_win_jennlog.yar} (96%) rename yara_rules/{sekoiaio_loader_win_jinxloader_strings.yar => loader_win_jinxloader_strings.yar} (92%) rename yara_rules/{sekoiaio_loader_win_konni_bat.yar => loader_win_konni_bat.yar} (95%) rename yara_rules/{sekoiaio_loader_win_konni_wpnprv.yar => loader_win_konni_wpnprv.yar} (93%) rename yara_rules/{sekoiaio_loader_win_ninerat.yar => loader_win_ninerat.yar} (97%) rename yara_rules/{sekoiaio_loader_win_operationmagalenha_vbs.yar => loader_win_operationmagalenha_vbs.yar} (96%) rename 
yara_rules/{sekoiaio_loader_win_piccassoloader.yar => loader_win_piccassoloader.yar} (94%) rename yara_rules/{sekoiaio_loader_win_purecrypter.yar => loader_win_purecrypter.yar} (93%) rename yara_rules/{sekoiaio_loader_win_red0044_powershell_may24.yar => loader_win_red0044_powershell_may24.yar} (94%) rename yara_rules/{sekoiaio_loader_win_revil_loader.yar => loader_win_revil_loader.yar} (97%) rename yara_rules/{sekoiaio_loader_win_squirrelwaffle.yar => loader_win_squirrelwaffle.yar} (92%) rename yara_rules/{sekoiaio_loader_win_squirrelwaffle_doc.yar => loader_win_squirrelwaffle_doc.yar} (94%) rename yara_rules/{sekoiaio_loader_win_stealthvector.yar => loader_win_stealthvector.yar} (96%) rename yara_rules/{sekoiaio_loader_win_svcready_imports.yar => loader_win_svcready_imports.yar} (94%) rename yara_rules/{sekoiaio_luckymouse_sysupdate_loader.yar => luckymouse_sysupdate_loader.yar} (91%) rename yara_rules/{sekoiaio_luckymouse_sysupdate_payload.yar => luckymouse_sysupdate_payload.yar} (90%) rename yara_rules/{sekoiaio_malicious_lnk_exploiting_webdav_share_generic.yar => malicious_lnk_exploiting_webdav_share_generic.yar} (89%) rename yara_rules/{sekoiaio_malware_httpshell_strings.yar => malware_httpshell_strings.yar} (93%) rename yara_rules/{sekoiaio_malware_remcom_strings.yar => malware_remcom_strings.yar} (93%) rename yara_rules/{sekoiaio_malware_sugargh0st_strings.yar => malware_sugargh0st_strings.yar} (92%) rename yara_rules/{sekoiaio_malware_swordldr.yar => malware_swordldr.yar} (97%) rename yara_rules/{sekoiaio_malware_tinyshell_strings.yar => malware_tinyshell_strings.yar} (94%) rename yara_rules/{sekoiaio_malware_valleyrat_1ststage_strings.yar => malware_valleyrat_1ststage_strings.yar} (91%) rename yara_rules/{sekoiaio_malware_valleyrat_downloader_strings.yar => malware_valleyrat_downloader_strings.yar} (90%) rename yara_rules/{sekoiaio_malware_valleyrat_strings_config.yar => malware_valleyrat_strings_config.yar} (95%) rename 
yara_rules/{sekoiaio_malware_venom_admin_strings.yar => malware_venom_admin_strings.yar} (93%) rename yara_rules/{sekoiaio_malware_venom_agent_strings.yar => malware_venom_agent_strings.yar} (96%) rename yara_rules/{sekoiaio_malware_win_lyceum_maldoc_macro_20220613.yar => malware_win_lyceum_maldoc_macro_20220613.yar} (88%) rename yara_rules/{sekoiaio_malware_win_mex.yar => malware_win_mex.yar} (98%) rename yara_rules/{sekoiaio_malware_win_passlib.yar => malware_win_passlib.yar} (97%) rename yara_rules/{sekoiaio_manjusaka_samples.yar => manjusaka_samples.yar} (97%) rename yara_rules/{sekoiaio_merlin_crossplatform.yar => merlin_crossplatform.yar} (94%) rename yara_rules/{sekoiaio_merlin_linux_elf.yar => merlin_linux_elf.yar} (97%) rename yara_rules/{sekoiaio_merlin_win_dll.yar => merlin_win_dll.yar} (98%) rename yara_rules/{sekoiaio_merlin_win_exe.yar => merlin_win_exe.yar} (96%) rename yara_rules/{sekoiaio_miner_lin_xmrig_strings.yar => miner_lin_xmrig_strings.yar} (95%) rename yara_rules/{sekoiaio_miner_win_xmrig_strings.yar => miner_win_xmrig_strings.yar} (95%) rename yara_rules/{sekoiaio_nomercy.yar => nomercy.yar} (99%) rename yara_rules/{sekoiaio_observerstealer.yar => observerstealer.yar} (95%) rename yara_rules/{sekoiaio_pe_princeransomware_strings.yar => pe_princeransomware_strings.yar} (94%) rename yara_rules/{sekoiaio_pe_stealer_axilestealer_strings.yar => pe_stealer_axilestealer_strings.yar} (95%) rename yara_rules/{sekoiaio_pe_stealer_scarletstealer_strings.yar => pe_stealer_scarletstealer_strings.yar} (95%) rename yara_rules/{sekoiaio_platypus_winlinmac_strings.yar => platypus_winlinmac_strings.yar} (94%) rename yara_rules/{sekoiaio_plugx_final_payload.yar => plugx_final_payload.yar} (95%) rename yara_rules/{sekoiaio_radx_stealer.yar => radx_stealer.yar} (96%) rename yara_rules/{sekoiaio_ransomware_lin_avoslocker_sections.yar => ransomware_lin_avoslocker_sections.yar} (97%) rename yara_rules/{sekoiaio_ransomware_lin_avoslocker_strings.yar => 
ransomware_lin_avoslocker_strings.yar} (95%) rename yara_rules/{sekoiaio_ransomware_linux_icefire_2023.yar => ransomware_linux_icefire_2023.yar} (95%) rename yara_rules/{sekoiaio_ransomware_mallox.yar => ransomware_mallox.yar} (98%) rename yara_rules/{sekoiaio_ransomware_win_agenda.yar => ransomware_win_agenda.yar} (96%) rename yara_rules/{sekoiaio_ransomware_win_avoslocker.yar => ransomware_win_avoslocker.yar} (95%) rename yara_rules/{sekoiaio_ransomware_win_blackcat.yar => ransomware_win_blackcat.yar} (96%) rename yara_rules/{sekoiaio_ransomware_win_blackmatter.yar => ransomware_win_blackmatter.yar} (92%) rename yara_rules/{sekoiaio_ransomware_win_chaos.yar => ransomware_win_chaos.yar} (97%) rename yara_rules/{sekoiaio_ransomware_win_dodo_2023.yar => ransomware_win_dodo_2023.yar} (95%) rename yara_rules/{sekoiaio_ransomware_win_eking_rich_header.yar => ransomware_win_eking_rich_header.yar} (89%) rename yara_rules/{sekoiaio_ransomware_win_fonix.yar => ransomware_win_fonix.yar} (92%) rename yara_rules/{sekoiaio_ransomware_win_honkai_jan2023.yar => ransomware_win_honkai_jan2023.yar} (94%) rename yara_rules/{sekoiaio_ransomware_win_karma.yar => ransomware_win_karma.yar} (94%) rename yara_rules/{sekoiaio_ransomware_win_lorenz.yar => ransomware_win_lorenz.yar} (96%) rename yara_rules/{sekoiaio_ransomware_win_masons_jan2023.yar => ransomware_win_masons_jan2023.yar} (92%) rename yara_rules/{sekoiaio_ransomware_win_raworld.yar => ransomware_win_raworld.yar} (94%) rename yara_rules/{sekoiaio_ransomware_win_redeemer.yar => ransomware_win_redeemer.yar} (96%) rename yara_rules/{sekoiaio_ransomware_win_scransom.yar => ransomware_win_scransom.yar} (96%) rename yara_rules/{sekoiaio_ransomware_win_shrinklocker.yar => ransomware_win_shrinklocker.yar} (95%) rename yara_rules/{sekoiaio_ransomware_win_voidcrypt.yar => ransomware_win_voidcrypt.yar} (92%) rename yara_rules/{sekoiaio_ransomware_win_wing.yar => ransomware_win_wing.yar} (98%) rename 
yara_rules/{sekoiaio_rat_darkvision_string.yar => rat_darkvision_string.yar} (96%) rename yara_rules/{sekoiaio_rat_lin_gobrat_2023.yar => rat_lin_gobrat_2023.yar} (95%) rename yara_rules/{sekoiaio_rat_win_arrow_str.yar => rat_win_arrow_str.yar} (97%) rename yara_rules/{sekoiaio_rat_win_asbit.yar => rat_win_asbit.yar} (95%) rename yara_rules/{sekoiaio_rat_win_asyncrat.yar => rat_win_asyncrat.yar} (96%) rename yara_rules/{sekoiaio_rat_win_atharvan.yar => rat_win_atharvan.yar} (91%) rename yara_rules/{sekoiaio_rat_win_babylon.yar => rat_win_babylon.yar} (96%) rename yara_rules/{sekoiaio_rat_win_borat.yar => rat_win_borat.yar} (96%) rename yara_rules/{sekoiaio_rat_win_dcrat_qwqdanchun.yar => rat_win_dcrat_qwqdanchun.yar} (96%) rename yara_rules/{sekoiaio_rat_win_hiddenz.yar => rat_win_hiddenz.yar} (94%) rename yara_rules/{sekoiaio_rat_win_konni_rat.yar => rat_win_konni_rat.yar} (94%) rename yara_rules/{sekoiaio_rat_win_lilith.yar => rat_win_lilith.yar} (94%) rename yara_rules/{sekoiaio_rat_win_millenium.yar => rat_win_millenium.yar} (97%) rename yara_rules/{sekoiaio_rat_win_nighthawk.yar => rat_win_nighthawk.yar} (96%) rename yara_rules/{sekoiaio_rat_win_ninerat.yar => rat_win_ninerat.yar} (96%) rename yara_rules/{sekoiaio_rat_win_ratel_strings.yar => rat_win_ratel_strings.yar} (96%) rename yara_rules/{sekoiaio_rat_win_remcos.yar => rat_win_remcos.yar} (97%) rename yara_rules/{sekoiaio_rat_win_reverserat.yar => rat_win_reverserat.yar} (95%) rename yara_rules/{sekoiaio_rat_win_romcom_payload.yar => rat_win_romcom_payload.yar} (92%) rename yara_rules/{sekoiaio_rat_win_tutclient.yar => rat_win_tutclient.yar} (95%) rename yara_rules/{sekoiaio_rat_win_xeno_rat.yar => rat_win_xeno_rat.yar} (94%) rename yara_rules/{sekoiaio_rat_win_xworm_v2.yar => rat_win_xworm_v2.yar} (97%) rename yara_rules/{sekoiaio_rat_win_xworm_v3.yar => rat_win_xworm_v3.yar} (97%) rename yara_rules/{sekoiaio_recotool_adfind_strings.yar => recotool_adfind_strings.yar} (94%) rename 
yara_rules/{sekoiaio_reverseshell_win_1st_troy.yar => reverseshell_win_1st_troy.yar} (97%) rename yara_rules/{sekoiaio_rootkit_diamorphine_strings.yar => rootkit_diamorphine_strings.yar} (96%) rename yara_rules/{sekoiaio_rootkit_lin_winnti.yar => rootkit_lin_winnti.yar} (97%) rename yara_rules/{sekoiaio_rootkit_win_purplefox_360_tct.yar => rootkit_win_purplefox_360_tct.yar} (94%) rename yara_rules/{sekoiaio_rootkit_win_purplefox_kernel_driver.yar => rootkit_win_purplefox_kernel_driver.yar} (95%) rename yara_rules/{sekoiaio_rootkit_win_purplefox_svchost_txt.yar => rootkit_win_purplefox_svchost_txt.yar} (95%) rename yara_rules/{sekoiaio_rule_lazarus_generic_downloader_7c3f94702fa7.yar => rule_lazarus_generic_downloader_7c3f94702fa7.yar} (90%) delete mode 100644 yara_rules/sekoiaio_infostealer_win_zharkbot_dump.yar delete mode 100644 yara_rules/sekoiaio_loader_win_truebot_dec22.yar delete mode 100644 yara_rules/sekoiaio_trojan_win_bazarloader_setscreen.yar rename yara_rules/{sekoiaio_shell_win_danfuan.yar => shell_win_danfuan.yar} (94%) rename yara_rules/{sekoiaio_spyware_and_bahamut.yar => spyware_and_bahamut.yar} (95%) rename yara_rules/{sekoiaio_spyware_and_fastfire.yar => spyware_and_fastfire.yar} (97%) rename yara_rules/{sekoiaio_spyware_and_strongpity_mobile_backdoor.yar => spyware_and_strongpity_mobile_backdoor.yar} (88%) rename yara_rules/{sekoiaio_stealer_win_demotryspy.yar => stealer_win_demotryspy.yar} (94%) rename yara_rules/{sekoiaio_stealer_win_luca.yar => stealer_win_luca.yar} (98%) rename yara_rules/{sekoiaio_stealer_win_mgbot_credential_stealer.yar => stealer_win_mgbot_credential_stealer.yar} (93%) rename yara_rules/{sekoiaio_stealer_win_strela.yar => stealer_win_strela.yar} (95%) rename yara_rules/{sekoiaio_storm_1811_files_dat.yar => storm_1811_files_dat.yar} (96%) rename yara_rules/{sekoiaio_storm_1811_screenconnect_update.yar => storm_1811_screenconnect_update.yar} (94%) rename yara_rules/{sekoiaio_strongpity_malware.yar => strongpity_malware.yar} 
(95%) rename yara_rules/{sekoiaio_suspicious_users_dev.yar => suspicious_users_dev.yar} (93%) rename yara_rules/{sekoiaio_ta410_control_flow_obfuscation.yar => ta410_control_flow_obfuscation.yar} (93%) rename yara_rules/{sekoiaio_technique_csv_dde_exec_regex.yar => technique_csv_dde_exec_regex.yar} (92%) rename yara_rules/{sekoiaio_tinyfluff_nodejs.yar => tinyfluff_nodejs.yar} (95%) rename yara_rules/{sekoiaio_tool_3proxy_strings.yar => tool_3proxy_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_advancedrun_strings.yar => tool_advancedrun_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_bore_rust_any_platform.yar => tool_bore_rust_any_platform.yar} (95%) rename yara_rules/{sekoiaio_tool_bypassgodzilla.yar => tool_bypassgodzilla.yar} (97%) rename yara_rules/{sekoiaio_tool_cheat_engine.yar => tool_cheat_engine.yar} (95%) rename yara_rules/{sekoiaio_tool_chisel_strings.yar => tool_chisel_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_dogtunnel_strings.yar => tool_dogtunnel_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_dynamicwrapper_strings.yar => tool_dynamicwrapper_strings.yar} (91%) rename yara_rules/{sekoiaio_tool_edrsandblast_api_strings.yar => tool_edrsandblast_api_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_edrsandblast_cli_strings.yar => tool_edrsandblast_cli_strings.yar} (92%) rename yara_rules/{sekoiaio_tool_edrsandblast_kernelcallbacks.yar => tool_edrsandblast_kernelcallbacks.yar} (92%) rename yara_rules/{sekoiaio_tool_edrsandblast_strings.yar => tool_edrsandblast_strings.yar} (96%) rename yara_rules/{sekoiaio_tool_efspotato.yar => tool_efspotato.yar} (95%) rename yara_rules/{sekoiaio_tool_ehole.yar => tool_ehole.yar} (95%) rename yara_rules/{sekoiaio_tool_enum4linux_strings.yar => tool_enum4linux_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_execit_obfuscator_strings.yar => tool_execit_obfuscator_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_exploit_badpotato_strings.yar => tool_exploit_badpotato_strings.yar} (94%) 
rename yara_rules/{sekoiaio_tool_exploit_comahawk_strings.yar => tool_exploit_comahawk_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_exploit_rottenpotato_strings.yar => tool_exploit_rottenpotato_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_generic_python_reverse_shell_strings.yar => tool_generic_python_reverse_shell_strings.yar} (88%) rename yara_rules/{sekoiaio_tool_godpotato.yar => tool_godpotato.yar} (95%) rename yara_rules/{sekoiaio_tool_gost_tunnel_strings.yar => tool_gost_tunnel_strings.yar} (96%) rename yara_rules/{sekoiaio_tool_gsocket_strings.yar => tool_gsocket_strings.yar} (96%) rename yara_rules/{sekoiaio_tool_htran_strings.yar => tool_htran_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_impersonate_strings.yar => tool_impersonate_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_inswor_strings.yar => tool_inswor_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_iodine_strings.yar => tool_iodine_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_juicypotato_exploit_strings.yar => tool_juicypotato_exploit_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_juicypotatong_strings.yar => tool_juicypotatong_strings.yar} (92%) rename yara_rules/{sekoiaio_tool_koblas_server_strings.yar => tool_koblas_server_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_ladon_strings.yar => tool_ladon_strings.yar} (98%) rename yara_rules/{sekoiaio_tool_lsass_dump_strings.yar => tool_lsass_dump_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_masky_strings.yar => tool_masky_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_multidump_strings.yar => tool_multidump_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_nping_strings.yar => tool_nping_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_nssm_strings.yar => tool_nssm_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_paexec_strings.yar => tool_paexec_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_pchunter_and_related_certificate.yar => tool_pchunter_and_related_certificate.yar} 
(91%) rename yara_rules/{sekoiaio_tool_petitpotato.yar => tool_petitpotato.yar} (93%) rename yara_rules/{sekoiaio_tool_pivotnacci.yar => tool_pivotnacci.yar} (95%) rename yara_rules/{sekoiaio_tool_pivotnacci_webshell.yar => tool_pivotnacci_webshell.yar} (95%) rename yara_rules/{sekoiaio_tool_powershell_unicorn.yar => tool_powershell_unicorn.yar} (92%) rename yara_rules/{sekoiaio_tool_printnotifypotato.yar => tool_printnotifypotato.yar} (94%) rename yara_rules/{sekoiaio_tool_quarkspwdump.yar => tool_quarkspwdump.yar} (94%) rename yara_rules/{sekoiaio_tool_rathole_strings.yar => tool_rathole_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_realblindingedr_strings.yar => tool_realblindingedr_strings.yar} (94%) rename yara_rules/{sekoiaio_tool_reversessh_strings.yar => tool_reversessh_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_revsocks_strings.yar => tool_revsocks_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_rsockstun_strings.yar => tool_rsockstun_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_rubeus_strings.yar => tool_rubeus_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_runpeinmemory_strings.yar => tool_runpeinmemory_strings.yar} (92%) rename yara_rules/{sekoiaio_tool_safetykatz.yar => tool_safetykatz.yar} (94%) rename yara_rules/{sekoiaio_tool_scanline_strings.yar => tool_scanline_strings.yar} (92%) rename yara_rules/{sekoiaio_tool_sharpefspotato_strings.yar => tool_sharpefspotato_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_sharphoundexecutable_strings.yar => tool_sharphoundexecutable_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_sharphoundpowershell_strings.yar => tool_sharphoundpowershell_strings.yar} (92%) rename yara_rules/{sekoiaio_tool_sharpnbtscan_strings.yar => tool_sharpnbtscan_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_sharpsecdump.yar => tool_sharpsecdump.yar} (93%) rename yara_rules/{sekoiaio_tool_soaphound_strings.yar => tool_soaphound_strings.yar} (94%) rename 
yara_rules/{sekoiaio_tool_ssf_strings.yar => tool_ssf_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_swor.yar => tool_swor.yar} (96%) rename yara_rules/{sekoiaio_tool_sy_runas.yar => tool_sy_runas.yar} (95%) rename yara_rules/{sekoiaio_tool_tacticalrmm_installer_strings.yar => tool_tacticalrmm_installer_strings.yar} (91%) rename yara_rules/{sekoiaio_tool_tokenplayer_strings.yar => tool_tokenplayer_strings.yar} (95%) rename yara_rules/{sekoiaio_tool_webshell_b374k_strings.yar => tool_webshell_b374k_strings.yar} (93%) rename yara_rules/{sekoiaio_tool_win_blackfly_proxy_config.yar => tool_win_blackfly_proxy_config.yar} (96%) rename yara_rules/{sekoiaio_tool_win_driverjack.yar => tool_win_driverjack.yar} (95%) rename yara_rules/{sekoiaio_tool_win_forkplayground.yar => tool_win_forkplayground.yar} (95%) rename yara_rules/{sekoiaio_tool_win_gosecretsdump.yar => tool_win_gosecretsdump.yar} (95%) rename yara_rules/{sekoiaio_tool_win_lightrail.yar => tool_win_lightrail.yar} (96%) rename yara_rules/{sekoiaio_tool_win_sharpshares.yar => tool_win_sharpshares.yar} (96%) rename yara_rules/{sekoiaio_tool_win_snap2html.yar => tool_win_snap2html.yar} (96%) rename yara_rules/{sekoiaio_tool_xiebroc2_strings.yar => tool_xiebroc2_strings.yar} (97%) rename yara_rules/{sekoiaio_tool_yasso_strings.yar => tool_yasso_strings.yar} (94%) rename yara_rules/{sekoiaio_trojan_and_keepspy.yar => trojan_and_keepspy.yar} (95%) rename yara_rules/{sekoiaio_trojan_android_brata.yar => trojan_android_brata.yar} (96%) rename yara_rules/{sekoiaio_trojan_android_cerberus.yar => trojan_android_cerberus.yar} (95%) rename yara_rules/{sekoiaio_trojan_android_xenomorph.yar => trojan_android_xenomorph.yar} (93%) rename yara_rules/{sekoiaio_trojan_win_bbtok_dll1_sep23.yar => trojan_win_bbtok_dll1_sep23.yar} (96%) rename yara_rules/{sekoiaio_trojan_win_bbtok_iso_sep23.yar => trojan_win_bbtok_iso_sep23.yar} (95%) rename yara_rules/{sekoiaio_trojan_win_bbtok_lnk_sep23.yar => trojan_win_bbtok_lnk_sep23.yar} 
(95%) rename yara_rules/{sekoiaio_trojan_win_grandoreiro.yar => trojan_win_grandoreiro.yar} (96%) rename yara_rules/{sekoiaio_truesightkiller_avkiller_strings.yar => truesightkiller_avkiller_strings.yar} (97%) rename yara_rules/{sekoiaio_typhon_reborn_stealer.yar => typhon_reborn_stealer.yar} (92%) rename yara_rules/{sekoiaio_unk_quad7_fsynet_strings.yar => unk_quad7_fsynet_strings.yar} (95%) rename yara_rules/{sekoiaio_unk_quad7_netd_strings.yar => unk_quad7_netd_strings.yar} (93%) rename yara_rules/{sekoiaio_unk_quad7_updtae_reverse_shell_strings.yar => unk_quad7_updtae_reverse_shell_strings.yar} (92%) rename yara_rules/{sekoiaio_unknown_7777_xlogin.yar => unknown_7777_xlogin.yar} (95%) rename yara_rules/{sekoiaio_unknown_quad7_wildcard_login.yar => unknown_quad7_wildcard_login.yar} (94%) rename yara_rules/{sekoiaio_ursnif.yar => ursnif.yar} (98%) rename yara_rules/{sekoiaio_ursnif_ldr4.yar => ursnif_ldr4.yar} (97%) rename yara_rules/{sekoiaio_vpn_mul_softether.yar => vpn_mul_softether.yar} (96%) rename yara_rules/{sekoiaio_water_sigbin_group.yar => water_sigbin_group.yar} (93%) rename yara_rules/{sekoiaio_webshell_icesword_strings.yar => webshell_icesword_strings.yar} (93%) rename yara_rules/{sekoiaio_webshell_wso_webshell_strings.yar => webshell_wso_webshell_strings.yar} (92%) rename yara_rules/{sekoiaio_weevely_webshell_payload.yar => weevely_webshell_payload.yar} (91%) rename yara_rules/{sekoiaio_win_clipper_generic.yar => win_clipper_generic.yar} (96%) rename yara_rules/{sekoiaio_win_infostealer_serpent_strings.yar => win_infostealer_serpent_strings.yar} (93%) rename yara_rules/{sekoiaio_win_loader_astasialoader_strings.yar => win_loader_astasialoader_strings.yar} (94%) rename yara_rules/{sekoiaio_win_malware_agnianestealer.yar => win_malware_agnianestealer.yar} (91%) rename yara_rules/{sekoiaio_win_malware_janelarat_strings.yar => win_malware_janelarat_strings.yar} (92%) rename yara_rules/{sekoiaio_win_malware_statc_downloader.yar => 
win_malware_statc_downloader.yar} (97%) rename yara_rules/{sekoiaio_wiper_hermeticwiper_variants.yar => wiper_hermeticwiper_variants.yar} (94%) rename yara_rules/{sekoiaio_wiper_win_caddywiper.yar => wiper_win_caddywiper.yar} (97%) rename yara_rules/{sekoiaio_wiper_win_dnwipe.yar => wiper_win_dnwipe.yar} (95%) rename yara_rules/{sekoiaio_wiper_win_isaacwiper.yar => wiper_win_isaacwiper.yar} (98%) rename yara_rules/{sekoiaio_wiper_win_nominatus_toxicbattery.yar => wiper_win_nominatus_toxicbattery.yar} (96%) rename yara_rules/{sekoiaio_wiper_win_ruransom.yar => wiper_win_ruransom.yar} (95%) rename yara_rules/{sekoiaio_xworm_dotnet_injector.yar => xworm_dotnet_injector.yar} (97%) rename yara_rules/{sekoiaio_yara_runascs.yar => yara_runascs.yar} (97%) rename yara_rules/{sekoiaio_zip_win_abcloader.yar => zip_win_abcloader.yar} (93%)
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6475b15
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,17 @@
+# Detection Rule License (DRL) 1.1
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this rule set and associated documentation files (the "Rules"), to deal in the Rules without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Rules, and to permit persons to whom the Rules are furnished to do so, subject to the following conditions:
+
+If you share the Rules (including in modified form), you must retain the following if it is supplied within the Rules:
+
+1. identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated).
+
+2. a URI or hyperlink to the Rule set or explicit Rule to the extent reasonably practicable
+
+3. indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License to the extent reasonably practicable
+
+If you use the Rules (including in modified form) on data, messages based on matches with the Rules must retain the following if it is supplied within the Rules:
+
+1. identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated).
+
+THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER DEALINGS IN THE RULES.
\ No newline at end of file
diff --git a/yara_rules/sekoiaio_apt37_rokrat_macho.yar b/yara_rules/apt37_rokrat_macho.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt37_rokrat_macho.yar
rename to yara_rules/apt37_rokrat_macho.yar
index cc1dcf3..71f591e 100644
--- a/yara_rules/sekoiaio_apt37_rokrat_macho.yar
+++ b/yara_rules/apt37_rokrat_macho.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt37_rokrat_macho {
+rule apt37_rokrat_macho {
 meta:
 id = "c54fb9ae-85fa-4c36-bab9-6c6d989262ba"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_37_chinotto.yar b/yara_rules/apt_37_chinotto.yar
similarity index 98%
rename from yara_rules/sekoiaio_apt_37_chinotto.yar
rename to yara_rules/apt_37_chinotto.yar
index 1518a67..33ff211 100644
--- a/yara_rules/sekoiaio_apt_37_chinotto.yar
+++ b/yara_rules/apt_37_chinotto.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_37_chinotto {
+rule apt_37_chinotto {
 meta:
 id = "eff8fd11-dc7a-4011-b083-181d0cca8790"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_3cx_payload_stealer.yar b/yara_rules/apt_3cx_payload_stealer.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_3cx_payload_stealer.yar
rename to yara_rules/apt_3cx_payload_stealer.yar
index 63c21bf..f76fa94 100644
--- a/yara_rules/sekoiaio_apt_3cx_payload_stealer.yar
+++ b/yara_rules/apt_3cx_payload_stealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_3cx_payload_stealer {
+rule apt_3cx_payload_stealer {
 meta:
 id = "1ca0605d-101f-4d1d-a476-9dfd93e74b4c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_agent_racoon_strings.yar b/yara_rules/apt_agent_racoon_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_agent_racoon_strings.yar
rename to yara_rules/apt_agent_racoon_strings.yar
index 646c819..157c479 100644
--- a/yara_rules/sekoiaio_apt_agent_racoon_strings.yar
+++ b/yara_rules/apt_agent_racoon_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_agent_racoon_strings {
+rule apt_agent_racoon_strings {
 meta:
 id = "ec89f1db-0ba8-48c8-8c1a-c38c410f3e39"
 version = "1.0"
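Review bot: The new identifier in `rule apt37_rokrat_macho {` (and in every other rename hunk of this patch) is the name a scanner reports on a match, yet nothing in the hunk records the old name, and the `id` and `version = "1.0"` context lines are unchanged. YARA rejects duplicate rule identifiers within one namespace, so the unprefixed names are more likely to clash when this set is compiled together with other rule sets; alerting or allow-listing keyed on the old `sekoiaio_` names will presumably stop matching too. I would add a comment above each renamed rule, e.g. `// formerly sekoiaio_apt37_rokrat_macho`, and document that consumers should key on the meta `id` or load the set under its own namespace. The rule bodies continue outside these hunks.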
diff --git a/yara_rules/sekoiaio_apt_andariel_dorarat_strings.yar b/yara_rules/apt_andariel_dorarat_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_andariel_dorarat_strings.yar
rename to yara_rules/apt_andariel_dorarat_strings.yar
index 397a49c..18c1156 100644
--- a/yara_rules/sekoiaio_apt_andariel_dorarat_strings.yar
+++ b/yara_rules/apt_andariel_dorarat_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_andariel_dorarat_strings {
+rule apt_andariel_dorarat_strings {
 meta:
 id = "30388291-a287-489f-a060-c90a16cda217"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_andariel_keylogger_strings.yar b/yara_rules/apt_andariel_keylogger_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_andariel_keylogger_strings.yar
rename to yara_rules/apt_andariel_keylogger_strings.yar
index 6e601ad..52c58ea 100644
--- a/yara_rules/sekoiaio_apt_andariel_keylogger_strings.yar
+++ b/yara_rules/apt_andariel_keylogger_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_andariel_keylogger_strings {
+rule apt_andariel_keylogger_strings {
 meta:
 id = "59e94bee-9bd4-4f72-9358-858956bb4787"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_andariel_nestdoor_variants_strings.yar b/yara_rules/apt_andariel_nestdoor_variants_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_andariel_nestdoor_variants_strings.yar
rename to yara_rules/apt_andariel_nestdoor_variants_strings.yar
index 2782186..b2ee30a 100644
--- a/yara_rules/sekoiaio_apt_andariel_nestdoor_variants_strings.yar
+++ b/yara_rules/apt_andariel_nestdoor_variants_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_andariel_nestdoor_variants_strings {
+rule apt_andariel_nestdoor_variants_strings {
 meta:
 id = "dcfc48ad-f17b-4224-912b-b01740080fea"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_andariel_siennablue.yar b/yara_rules/apt_andariel_siennablue.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_andariel_siennablue.yar
rename to yara_rules/apt_andariel_siennablue.yar
index c749326..fd516ed 100644
--- a/yara_rules/sekoiaio_apt_andariel_siennablue.yar
+++ b/yara_rules/apt_andariel_siennablue.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_andariel_siennablue {
+rule apt_andariel_siennablue {
 meta:
 id = "ab3f8b49-0851-47a8-ac77-98d4e26f448e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt10_hui_loader.yar b/yara_rules/apt_apt10_hui_loader.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt10_hui_loader.yar
rename to yara_rules/apt_apt10_hui_loader.yar
index 0d637e2..6dce310 100644
--- a/yara_rules/sekoiaio_apt_apt10_hui_loader.yar
+++ b/yara_rules/apt_apt10_hui_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt10_hui_loader {
+rule apt_apt10_hui_loader {
 meta:
 id = "97d17052-80d0-4f8e-8b3a-2e0d622522a9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_document_phishing_webpage.yar b/yara_rules/apt_apt28_document_phishing_webpage.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt28_document_phishing_webpage.yar
rename to yara_rules/apt_apt28_document_phishing_webpage.yar
index 0cc2054..38bb88f 100644
--- a/yara_rules/sekoiaio_apt_apt28_document_phishing_webpage.yar
+++ b/yara_rules/apt_apt28_document_phishing_webpage.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_document_phishing_webpage {
+rule apt_apt28_document_phishing_webpage {
 meta:
 id = "585a8e23-c302-41d3-938f-eda60c82ef28"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_htmlsmuggling.yar b/yara_rules/apt_apt28_htmlsmuggling.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt28_htmlsmuggling.yar
rename to yara_rules/apt_apt28_htmlsmuggling.yar
index 0d37c03..409ce05 100644
--- a/yara_rules/sekoiaio_apt_apt28_htmlsmuggling.yar
+++ b/yara_rules/apt_apt28_htmlsmuggling.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_htmlsmuggling {
+rule apt_apt28_htmlsmuggling {
 meta:
 id = "2e20c992-d971-4c0f-99b3-a7d528c7055a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_htmlsmuggling_disclosing_ip.yar b/yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_apt28_htmlsmuggling_disclosing_ip.yar
rename to yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar
index a345129..3cebc88 100644
--- a/yara_rules/sekoiaio_apt_apt28_htmlsmuggling_disclosing_ip.yar
+++ b/yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_htmlsmuggling_disclosing_ip {
+rule apt_apt28_htmlsmuggling_disclosing_ip {
 meta:
 id = "57adc227-2b72-457e-a786-97ca1a7300d8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_powershell_ntlm_stealer.yar b/yara_rules/apt_apt28_powershell_ntlm_stealer.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt28_powershell_ntlm_stealer.yar
rename to yara_rules/apt_apt28_powershell_ntlm_stealer.yar
index 26385f3..d03fa36 100644
--- a/yara_rules/sekoiaio_apt_apt28_powershell_ntlm_stealer.yar
+++ b/yara_rules/apt_apt28_powershell_ntlm_stealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_powershell_ntlm_stealer {
+rule apt_apt28_powershell_ntlm_stealer {
 meta:
 id = "3fb5c472-6b1c-490e-b38f-4d4f1c472f43"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_susp_graphite_downloader.yar b/yara_rules/apt_apt28_susp_graphite_downloader.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt28_susp_graphite_downloader.yar
rename to yara_rules/apt_apt28_susp_graphite_downloader.yar
index 63d6c33..5952013 100644
--- a/yara_rules/sekoiaio_apt_apt28_susp_graphite_downloader.yar
+++ b/yara_rules/apt_apt28_susp_graphite_downloader.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_apt_apt28_susp_graphite_downloader {
+rule apt_apt28_susp_graphite_downloader {
 meta:
 id = "9c9da5fe-ffd6-4c45-8ce1-9a6cf4fa2fda"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_ukrnet_phishing_page.yar b/yara_rules/apt_apt28_ukrnet_phishing_page.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_apt28_ukrnet_phishing_page.yar
rename to yara_rules/apt_apt28_ukrnet_phishing_page.yar
index 2b85d73..84dc547 100644
--- a/yara_rules/sekoiaio_apt_apt28_ukrnet_phishing_page.yar
+++ b/yara_rules/apt_apt28_ukrnet_phishing_page.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_ukrnet_phishing_page {
+rule apt_apt28_ukrnet_phishing_page {
 meta:
 id = "053158d8-aac0-486f-8432-834a06f41ed2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt28_wayzgoose_exploit_string.yar b/yara_rules/apt_apt28_wayzgoose_exploit_string.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_apt28_wayzgoose_exploit_string.yar
rename to yara_rules/apt_apt28_wayzgoose_exploit_string.yar
index 4b61e64..65d9598 100644
--- a/yara_rules/sekoiaio_apt_apt28_wayzgoose_exploit_string.yar
+++ b/yara_rules/apt_apt28_wayzgoose_exploit_string.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt28_wayzgoose_exploit_string {
+rule apt_apt28_wayzgoose_exploit_string {
 meta:
 id = "23d9e09e-202c-47f5-abf7-6b5085e44400"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt29_malicious_rdp_file.yar b/yara_rules/apt_apt29_malicious_rdp_file.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_apt29_malicious_rdp_file.yar
rename to yara_rules/apt_apt29_malicious_rdp_file.yar
index d5e0ee7..f8723b3 100644
--- a/yara_rules/sekoiaio_apt_apt29_malicious_rdp_file.yar
+++ b/yara_rules/apt_apt29_malicious_rdp_file.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt29_malicious_rdp_file {
+rule apt_apt29_malicious_rdp_file {
 meta:
 id = "a7b092b5-53a1-4638-a6c1-733d3f063139"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt29_quarterrig.yar b/yara_rules/apt_apt29_quarterrig.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_apt29_quarterrig.yar
rename to yara_rules/apt_apt29_quarterrig.yar
index 2e89a95..4636e50 100644
--- a/yara_rules/sekoiaio_apt_apt29_quarterrig.yar
+++ b/yara_rules/apt_apt29_quarterrig.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt29_quarterrig {
+rule apt_apt29_quarterrig {
 meta:
 id = "e370ed7e-5e12-4add-95f3-3773ea8e2d03"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt29_wineloader_malicious_hta.yar b/yara_rules/apt_apt29_wineloader_malicious_hta.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_apt29_wineloader_malicious_hta.yar
rename to yara_rules/apt_apt29_wineloader_malicious_hta.yar
index dd5afed..233861e 100644
--- a/yara_rules/sekoiaio_apt_apt29_wineloader_malicious_hta.yar
+++ b/yara_rules/apt_apt29_wineloader_malicious_hta.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt29_wineloader_malicious_hta {
+rule apt_apt29_wineloader_malicious_hta {
 meta:
 id = "5a17d854-0564-4830-a0e5-7867b99716c2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt29_wineloader_malicious_pdf.yar b/yara_rules/apt_apt29_wineloader_malicious_pdf.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_apt29_wineloader_malicious_pdf.yar
rename to yara_rules/apt_apt29_wineloader_malicious_pdf.yar
index f52454b..a4401d5 100644
--- a/yara_rules/sekoiaio_apt_apt29_wineloader_malicious_pdf.yar
+++ b/yara_rules/apt_apt29_wineloader_malicious_pdf.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt29_wineloader_malicious_pdf {
+rule apt_apt29_wineloader_malicious_pdf {
 meta:
 id = "b1db731e-471e-493a-b76c-38d2808ccac9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt31_pakdoor.yar b/yara_rules/apt_apt31_pakdoor.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_apt31_pakdoor.yar
rename to yara_rules/apt_apt31_pakdoor.yar
index 64e848f..25d8df6 100644
--- a/yara_rules/sekoiaio_apt_apt31_pakdoor.yar
+++ b/yara_rules/apt_apt31_pakdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt31_pakdoor {
+rule apt_apt31_pakdoor {
 meta:
 id = "463b8d0d-30f4-45ed-8f19-4b32436fbbf0"
 description = "Detects APT31 ORB implant - 2019/2021"
diff --git a/yara_rules/sekoiaio_apt_apt31_rekoobe.yar b/yara_rules/apt_apt31_rekoobe.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_apt31_rekoobe.yar
rename to yara_rules/apt_apt31_rekoobe.yar
index bfc2836..1088161 100644
--- a/yara_rules/sekoiaio_apt_apt31_rekoobe.yar
+++ b/yara_rules/apt_apt31_rekoobe.yar
@@ -1,6 +1,6 @@
 import "elf"
-rule sekoiaio_apt_apt31_rekoobe {
+rule apt_apt31_rekoobe {
 meta:
 id = "b1461a72-76ce-4cc5-ac84-3cc87454d288"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt33_falsefont.yar b/yara_rules/apt_apt33_falsefont.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_apt33_falsefont.yar
rename to yara_rules/apt_apt33_falsefont.yar
index e0cb20e..1572b58 100644
--- a/yara_rules/sekoiaio_apt_apt33_falsefont.yar
+++ b/yara_rules/apt_apt33_falsefont.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt33_falsefont {
+rule apt_apt33_falsefont {
 meta:
 id = "d77c1f5b-9898-456f-954a-ac1f0907a2ba"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt33_tickler.yar b/yara_rules/apt_apt33_tickler.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_apt33_tickler.yar
rename to yara_rules/apt_apt33_tickler.yar
index 831757b..c35f73b 100644
--- a/yara_rules/sekoiaio_apt_apt33_tickler.yar
+++ b/yara_rules/apt_apt33_tickler.yar
@@ -1,7 +1,7 @@
 import "hash"
 import "pe"
-rule sekoiaio_apt_apt33_tickler {
+rule apt_apt33_tickler {
 meta:
 id = "e9ecf678-350c-47d2-ab4c-522974c70a45"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt35_iisraid_strings.yar b/yara_rules/apt_apt35_iisraid_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_apt35_iisraid_strings.yar
rename to yara_rules/apt_apt35_iisraid_strings.yar
index a03a785..8305337 100644
--- a/yara_rules/sekoiaio_apt_apt35_iisraid_strings.yar
+++ b/yara_rules/apt_apt35_iisraid_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt35_iisraid_strings {
+rule apt_apt35_iisraid_strings {
 meta:
 id = "ee42f406-0c7e-4385-9098-409611dbe0a5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt37_chinotto_powershell_variant.yar b/yara_rules/apt_apt37_chinotto_powershell_variant.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt37_chinotto_powershell_variant.yar
rename to yara_rules/apt_apt37_chinotto_powershell_variant.yar
index 26e3104..bff6e39 100644
--- a/yara_rules/sekoiaio_apt_apt37_chinotto_powershell_variant.yar
+++ b/yara_rules/apt_apt37_chinotto_powershell_variant.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt37_chinotto_powershell_variant {
+rule apt_apt37_chinotto_powershell_variant {
 meta:
 id = "fa42b225-58fe-4e00-b84b-df37491d8fdd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt37_malicious_hta_file.yar b/yara_rules/apt_apt37_malicious_hta_file.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt37_malicious_hta_file.yar
rename to yara_rules/apt_apt37_malicious_hta_file.yar
index 6928960..920bd21 100644
--- a/yara_rules/sekoiaio_apt_apt37_malicious_hta_file.yar
+++ b/yara_rules/apt_apt37_malicious_hta_file.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt37_malicious_hta_file {
+rule apt_apt37_malicious_hta_file {
 meta:
 id = "22a98c27-8ff4-4760-b505-f8eacf4dabda"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt41_javascript_dropper.yar b/yara_rules/apt_apt41_javascript_dropper.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt41_javascript_dropper.yar
rename to yara_rules/apt_apt41_javascript_dropper.yar
index 352143f..255572a 100644
--- a/yara_rules/sekoiaio_apt_apt41_javascript_dropper.yar
+++ b/yara_rules/apt_apt41_javascript_dropper.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt41_javascript_dropper {
+rule apt_apt41_javascript_dropper {
 meta:
 id = "fde70806-af50-4706-9daf-d39ad0564fc7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt41_keyplug_dropper.yar b/yara_rules/apt_apt41_keyplug_dropper.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_apt41_keyplug_dropper.yar
rename to yara_rules/apt_apt41_keyplug_dropper.yar
index a6d94dd..b3a31da 100644
--- a/yara_rules/sekoiaio_apt_apt41_keyplug_dropper.yar
+++ b/yara_rules/apt_apt41_keyplug_dropper.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt41_keyplug_dropper {
+rule apt_apt41_keyplug_dropper {
 meta:
 id = "b6740371-c4c3-437e-8235-0bd4f7b9c3f5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt41_powershell_collection_script.yar b/yara_rules/apt_apt41_powershell_collection_script.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_apt41_powershell_collection_script.yar
rename to yara_rules/apt_apt41_powershell_collection_script.yar
index e4cb32b..774f783 100644
--- a/yara_rules/sekoiaio_apt_apt41_powershell_collection_script.yar
+++ b/yara_rules/apt_apt41_powershell_collection_script.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt41_powershell_collection_script {
+rule apt_apt41_powershell_collection_script {
 meta:
 id = "55b6cc3e-24b2-4faa-a7fb-b4203a8e6d83"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt41_powershell_exfiltration_script.yar b/yara_rules/apt_apt41_powershell_exfiltration_script.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_apt41_powershell_exfiltration_script.yar
rename to yara_rules/apt_apt41_powershell_exfiltration_script.yar
index 92804d5..00f1adc 100644
--- a/yara_rules/sekoiaio_apt_apt41_powershell_exfiltration_script.yar
+++ b/yara_rules/apt_apt41_powershell_exfiltration_script.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt41_powershell_exfiltration_script {
+rule apt_apt41_powershell_exfiltration_script {
 meta:
 id = "9a15f845-c0af-4f1c-a033-b4f40232dc0d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt_k_47_orpcbackdoor.yar b/yara_rules/apt_apt_k_47_orpcbackdoor.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_apt_k_47_orpcbackdoor.yar
rename to yara_rules/apt_apt_k_47_orpcbackdoor.yar
index 9554afd..46acd46 100644
--- a/yara_rules/sekoiaio_apt_apt_k_47_orpcbackdoor.yar
+++ b/yara_rules/apt_apt_k_47_orpcbackdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt_k_47_orpcbackdoor {
+rule apt_apt_k_47_orpcbackdoor {
 meta:
 id = "9768371d-763f-45df-b727-ccda97501aaa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_apt_k_47_walkershell.yar b/yara_rules/apt_apt_k_47_walkershell.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_apt_k_47_walkershell.yar
rename to yara_rules/apt_apt_k_47_walkershell.yar
index c875c2c..464128e 100644
--- a/yara_rules/sekoiaio_apt_apt_k_47_walkershell.yar
+++ b/yara_rules/apt_apt_k_47_walkershell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_apt_k_47_walkershell {
+rule apt_apt_k_47_walkershell {
 meta:
 id = "201f8415-32d4-4af1-ba80-734554ced728"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_aptc36_vbs_maldoc.yar b/yara_rules/apt_aptc36_vbs_maldoc.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_aptc36_vbs_maldoc.yar
rename to yara_rules/apt_aptc36_vbs_maldoc.yar
index 73e466d..531c278 100644
--- a/yara_rules/sekoiaio_apt_aptc36_vbs_maldoc.yar
+++ b/yara_rules/apt_aptc36_vbs_maldoc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_aptc36_vbs_maldoc {
+rule apt_aptc36_vbs_maldoc {
 meta:
 id = "f0ca061f-e94b-4f70-bbd1-8a15193652d3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_aptc60_downloader_strings.yar b/yara_rules/apt_aptc60_downloader_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_aptc60_downloader_strings.yar
rename to yara_rules/apt_aptc60_downloader_strings.yar
index 3a869f0..aac34ef 100644
--- a/yara_rules/sekoiaio_apt_aptc60_downloader_strings.yar
+++ b/yara_rules/apt_aptc60_downloader_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_aptc60_downloader_strings {
+rule apt_aptc60_downloader_strings {
 meta:
 id = "02fd6d5b-7211-46cc-bcff-ab5d78e459c0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_aptk47_asyncshell.yar b/yara_rules/apt_aptk47_asyncshell.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_aptk47_asyncshell.yar
rename to yara_rules/apt_aptk47_asyncshell.yar
index 6b4dcd6..d182e8d 100644
--- a/yara_rules/sekoiaio_apt_aptk47_asyncshell.yar
+++ b/yara_rules/apt_aptk47_asyncshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_aptk47_asyncshell {
+rule apt_aptk47_asyncshell {
 meta:
 id = "2d009cf4-e30e-406d-8860-03b37a396ffa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_aptk47_maliciouslnk.yar b/yara_rules/apt_aptk47_maliciouslnk.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_aptk47_maliciouslnk.yar
rename to yara_rules/apt_aptk47_maliciouslnk.yar
index e10ec0c..c80af01 100644
--- a/yara_rules/sekoiaio_apt_aptk47_maliciouslnk.yar
+++ b/yara_rules/apt_aptk47_maliciouslnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_aptk47_maliciouslnk {
+rule apt_aptk47_maliciouslnk {
 meta:
 id = "2ccc8777-26fe-4018-9646-4ea91394fe78"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_aridviper_rustsysjoker.yar b/yara_rules/apt_aridviper_rustsysjoker.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_aridviper_rustsysjoker.yar
rename to yara_rules/apt_aridviper_rustsysjoker.yar
index 7fd6e57..5372ec5 100644
--- a/yara_rules/sekoiaio_apt_aridviper_rustsysjoker.yar
+++ b/yara_rules/apt_aridviper_rustsysjoker.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_aridviper_rustsysjoker {
+rule apt_aridviper_rustsysjoker {
 meta:
 id = "14ff3f76-0371-4b45-9864-bf69c74e60aa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_backdoordiplomaty_custommerlinagent_strings.yar b/yara_rules/apt_backdoordiplomaty_custommerlinagent_strings.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_backdoordiplomaty_custommerlinagent_strings.yar
rename to yara_rules/apt_backdoordiplomaty_custommerlinagent_strings.yar
index a5507d7..b893912 100644
--- a/yara_rules/sekoiaio_apt_backdoordiplomaty_custommerlinagent_strings.yar
+++ b/yara_rules/apt_backdoordiplomaty_custommerlinagent_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_backdoordiplomaty_custommerlinagent_strings {
+rule apt_backdoordiplomaty_custommerlinagent_strings {
 meta:
 id = "965693ba-93b8-4c52-9292-957884411968"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_backdoordiplomaty_phantomnet.yar b/yara_rules/apt_backdoordiplomaty_phantomnet.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_backdoordiplomaty_phantomnet.yar
rename to yara_rules/apt_backdoordiplomaty_phantomnet.yar
index 017df8f..77aa001 100644
--- a/yara_rules/sekoiaio_apt_backdoordiplomaty_phantomnet.yar
+++ b/yara_rules/apt_backdoordiplomaty_phantomnet.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_backdoordiplomaty_phantomnet {
+rule apt_backdoordiplomaty_phantomnet {
 meta:
 id = "bbcc0664-ef2b-47db-a546-b5e0aa2a1e9a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_1.yar b/yara_rules/apt_badmagic_commonmagic_generic_1.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_1.yar
rename to yara_rules/apt_badmagic_commonmagic_generic_1.yar
index fc8d4cb..d1b57f6 100644
--- a/yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_1.yar
+++ b/yara_rules/apt_badmagic_commonmagic_generic_1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_commonmagic_generic_1 {
+rule apt_badmagic_commonmagic_generic_1 {
 meta:
 id = "0b328771-f674-4606-bb30-d20d07c67832"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_2.yar b/yara_rules/apt_badmagic_commonmagic_generic_2.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_2.yar
rename to yara_rules/apt_badmagic_commonmagic_generic_2.yar
index 4265d04..e6ab00d 100644
--- a/yara_rules/sekoiaio_apt_badmagic_commonmagic_generic_2.yar
+++ b/yara_rules/apt_badmagic_commonmagic_generic_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_commonmagic_generic_2 {
+rule apt_badmagic_commonmagic_generic_2 {
 meta:
 id = "c6a16ecc-e00a-4756-b603-f6c85e4f4220"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_commonmagic_main.yar b/yara_rules/apt_badmagic_commonmagic_main.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_badmagic_commonmagic_main.yar
rename to yara_rules/apt_badmagic_commonmagic_main.yar
index c59e978..a1d2377 100644
--- a/yara_rules/sekoiaio_apt_badmagic_commonmagic_main.yar
+++ b/yara_rules/apt_badmagic_commonmagic_main.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_commonmagic_main {
+rule apt_badmagic_commonmagic_main {
 meta:
 id = "99983df5-89d6-4fac-81e6-16e5ab20bde3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_commonmagic_screenshot_module.yar b/yara_rules/apt_badmagic_commonmagic_screenshot_module.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_badmagic_commonmagic_screenshot_module.yar
rename to yara_rules/apt_badmagic_commonmagic_screenshot_module.yar
index 962e9d2..e1ed06a 100644
--- a/yara_rules/sekoiaio_apt_badmagic_commonmagic_screenshot_module.yar
+++ b/yara_rules/apt_badmagic_commonmagic_screenshot_module.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_commonmagic_screenshot_module {
+rule apt_badmagic_commonmagic_screenshot_module {
 meta:
 id = "d1ef0bd1-37dc-405f-b82b-288b1798455c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_commonmagic_usbstealer.yar b/yara_rules/apt_badmagic_commonmagic_usbstealer.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_badmagic_commonmagic_usbstealer.yar
rename to yara_rules/apt_badmagic_commonmagic_usbstealer.yar
index 85dc507..5791a0a 100644
--- a/yara_rules/sekoiaio_apt_badmagic_commonmagic_usbstealer.yar
+++ b/yara_rules/apt_badmagic_commonmagic_usbstealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_commonmagic_usbstealer {
+rule apt_badmagic_commonmagic_usbstealer {
 meta:
 id = "37d5becc-f1c3-4400-bc10-cd6036d4dbb1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_generic_pshscript.yar b/yara_rules/apt_badmagic_generic_pshscript.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_badmagic_generic_pshscript.yar
rename to yara_rules/apt_badmagic_generic_pshscript.yar
index a279a62..73537cb 100644
--- a/yara_rules/sekoiaio_apt_badmagic_generic_pshscript.yar
+++ b/yara_rules/apt_badmagic_generic_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_generic_pshscript {
+rule apt_badmagic_generic_pshscript {
 meta:
 id = "82cda554-3c2b-4c04-b9f9-b5ba50c53271"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_installpzz_pshscript.yar b/yara_rules/apt_badmagic_installpzz_pshscript.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_badmagic_installpzz_pshscript.yar
rename to yara_rules/apt_badmagic_installpzz_pshscript.yar
index a500a3d..e5485ce 100644
--- a/yara_rules/sekoiaio_apt_badmagic_installpzz_pshscript.yar
+++ b/yara_rules/apt_badmagic_installpzz_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_installpzz_pshscript {
+rule apt_badmagic_installpzz_pshscript {
 meta:
 id = "d01bc217-9e14-498b-a92a-17f6aedec269"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_ld_dll_loader_pshscript.yar b/yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_badmagic_ld_dll_loader_pshscript.yar
rename to yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar
index 5d27d4f..bdd798c 100644
--- a/yara_rules/sekoiaio_apt_badmagic_ld_dll_loader_pshscript.yar
+++ b/yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_ld_dll_loader_pshscript {
+rule apt_badmagic_ld_dll_loader_pshscript {
 meta:
 id = "d4a23afc-693f-4fab-b2c4-15eecba047f7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_listfiles_pshscript.yar b/yara_rules/apt_badmagic_listfiles_pshscript.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_badmagic_listfiles_pshscript.yar
rename to yara_rules/apt_badmagic_listfiles_pshscript.yar
index 0a3dc78..ac61297 100644
--- a/yara_rules/sekoiaio_apt_badmagic_listfiles_pshscript.yar
+++ b/yara_rules/apt_badmagic_listfiles_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_listfiles_pshscript {
+rule apt_badmagic_listfiles_pshscript {
 meta:
 id = "55f1c409-234e-4feb-91a3-9bf5c41ec2b8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_malicious_lnk.yar b/yara_rules/apt_badmagic_malicious_lnk.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_badmagic_malicious_lnk.yar
rename to yara_rules/apt_badmagic_malicious_lnk.yar
index 7c37071..c49ee0d 100644
--- a/yara_rules/sekoiaio_apt_badmagic_malicious_lnk.yar
+++ b/yara_rules/apt_badmagic_malicious_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_malicious_lnk {
+rule apt_badmagic_malicious_lnk {
 meta:
 id = "731bd51d-c4e4-4efb-9fa8-f981a8555ed3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_modules.yar b/yara_rules/apt_badmagic_modules.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_badmagic_modules.yar
rename to yara_rules/apt_badmagic_modules.yar
index 9566976..eab30a6 100644
--- a/yara_rules/sekoiaio_apt_badmagic_modules.yar
+++ b/yara_rules/apt_badmagic_modules.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_apt_badmagic_modules {
+rule apt_badmagic_modules {
 meta:
 id = "e4f1f706-4a46-4a09-b598-e4e8d80f2c4b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_reco_pshscript.yar b/yara_rules/apt_badmagic_reco_pshscript.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_badmagic_reco_pshscript.yar
rename to yara_rules/apt_badmagic_reco_pshscript.yar
index c1d58f0..5c03fa8 100644
--- a/yara_rules/sekoiaio_apt_badmagic_reco_pshscript.yar
+++ b/yara_rules/apt_badmagic_reco_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_reco_pshscript {
+rule apt_badmagic_reco_pshscript {
 meta:
 id = "7a1b2d31-03b7-4a43-8f4e-ed38ba8e118e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_startngrok_pshscript.yar b/yara_rules/apt_badmagic_startngrok_pshscript.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_badmagic_startngrok_pshscript.yar
rename to yara_rules/apt_badmagic_startngrok_pshscript.yar
index 76c78e2..dcd36ea 100644
--- a/yara_rules/sekoiaio_apt_badmagic_startngrok_pshscript.yar
+++ b/yara_rules/apt_badmagic_startngrok_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_startngrok_pshscript {
+rule apt_badmagic_startngrok_pshscript {
 meta:
 id = "94d64482-3033-4531-8530-58546364ac06"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_badmagic_startrevsocks_pshscript.yar b/yara_rules/apt_badmagic_startrevsocks_pshscript.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_badmagic_startrevsocks_pshscript.yar
rename to yara_rules/apt_badmagic_startrevsocks_pshscript.yar
index feaf80a..206472a 100644
--- a/yara_rules/sekoiaio_apt_badmagic_startrevsocks_pshscript.yar
+++ b/yara_rules/apt_badmagic_startrevsocks_pshscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_badmagic_startrevsocks_pshscript {
+rule apt_badmagic_startrevsocks_pshscript {
 meta:
 id = "a6c96aee-9e78-47d2-afe3-f3c5246a9370"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_blackwood_nspx30_plugin.yar b/yara_rules/apt_blackwood_nspx30_plugin.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_blackwood_nspx30_plugin.yar
rename to yara_rules/apt_blackwood_nspx30_plugin.yar
index 25c5209..7cbd429 100644
--- a/yara_rules/sekoiaio_apt_blackwood_nspx30_plugin.yar
+++ b/yara_rules/apt_blackwood_nspx30_plugin.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_blackwood_nspx30_plugin {
+rule apt_blackwood_nspx30_plugin {
 meta:
 id = "ef8e0d51-c78c-426b-8008-910e27546f23"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_boldmove_strings.yar b/yara_rules/apt_boldmove_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_boldmove_strings.yar
rename to yara_rules/apt_boldmove_strings.yar
index 2d2a553..a22d1ff 100644
--- a/yara_rules/sekoiaio_apt_boldmove_strings.yar
+++ b/yara_rules/apt_boldmove_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_boldmove_strings {
+rule apt_boldmove_strings {
 meta:
 id = "0458e282-f92f-4600-964a-de6b66b4a82d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_buhtrap_maldocx.yar b/yara_rules/apt_buhtrap_maldocx.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_buhtrap_maldocx.yar
rename to yara_rules/apt_buhtrap_maldocx.yar
index 837cd4b..c879321 100644
--- a/yara_rules/sekoiaio_apt_buhtrap_maldocx.yar
+++ b/yara_rules/apt_buhtrap_maldocx.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_buhtrap_maldocx {
+rule apt_buhtrap_maldocx {
 meta:
 id = "4aaba2f1-fafd-4e3f-8b18-7beda11464d1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cerana_keeper_dropboxflop.yar b/yara_rules/apt_cerana_keeper_dropboxflop.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_cerana_keeper_dropboxflop.yar
rename to yara_rules/apt_cerana_keeper_dropboxflop.yar
index 61474dc..84c68af 100644
--- a/yara_rules/sekoiaio_apt_cerana_keeper_dropboxflop.yar
+++ b/yara_rules/apt_cerana_keeper_dropboxflop.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cerana_keeper_dropboxflop {
+rule apt_cerana_keeper_dropboxflop {
 meta:
 id = "e077901f-3847-45f3-82cb-d52724cd3fb5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cerana_keeper_yk0130.yar b/yara_rules/apt_cerana_keeper_yk0130.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_cerana_keeper_yk0130.yar
rename to yara_rules/apt_cerana_keeper_yk0130.yar
index 1abfd4f..283c067 100644
--- a/yara_rules/sekoiaio_apt_cerana_keeper_yk0130.yar
+++ b/yara_rules/apt_cerana_keeper_yk0130.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cerana_keeper_yk0130 {
+rule apt_cerana_keeper_yk0130 {
 meta:
 id = "3da898a9-68e7-472f-8478-a0243840ec0a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_init_module_virtualalloc.yar b/yara_rules/apt_cloudatlas_init_module_virtualalloc.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_cloudatlas_init_module_virtualalloc.yar
rename to yara_rules/apt_cloudatlas_init_module_virtualalloc.yar
index ea22562..19722ec 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_init_module_virtualalloc.yar
+++ b/yara_rules/apt_cloudatlas_init_module_virtualalloc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_init_module_virtualalloc {
+rule apt_cloudatlas_init_module_virtualalloc {
 meta:
 id = "299ed681-9d1f-4b47-8389-ff5a608f49d4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powershower_clean.yar b/yara_rules/apt_cloudatlas_powershower_clean.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_cloudatlas_powershower_clean.yar
rename to yara_rules/apt_cloudatlas_powershower_clean.yar
index 25b4baa..8f74f0c 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powershower_clean.yar
+++ b/yara_rules/apt_cloudatlas_powershower_clean.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powershower_clean {
+rule apt_cloudatlas_powershower_clean {
 meta:
 id = "4a7c37df-3f53-4190-a86f-94bba3df628e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powershower_module.yar b/yara_rules/apt_cloudatlas_powershower_module.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_cloudatlas_powershower_module.yar
rename to yara_rules/apt_cloudatlas_powershower_module.yar
index 1224f42..fe5cf62 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powershower_module.yar
+++ b/yara_rules/apt_cloudatlas_powershower_module.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powershower_module {
+rule apt_cloudatlas_powershower_module {
 meta:
 id = "dd688058-3d5d-46a7-8380-fe961c3327cd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powershower_obfuscated.yar b/yara_rules/apt_cloudatlas_powershower_obfuscated.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_cloudatlas_powershower_obfuscated.yar
rename to yara_rules/apt_cloudatlas_powershower_obfuscated.yar
index 7062f19..55c62e2 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powershower_obfuscated.yar
+++ b/yara_rules/apt_cloudatlas_powershower_obfuscated.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powershower_obfuscated {
+rule apt_cloudatlas_powershower_obfuscated {
 meta:
 id = "f76ab9d8-7753-4a17-aedd-fc9c3b8cd322"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powershower_variant.yar b/yara_rules/apt_cloudatlas_powershower_variant.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_cloudatlas_powershower_variant.yar
rename to yara_rules/apt_cloudatlas_powershower_variant.yar
index 862616d..081cfa0 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powershower_variant.yar
+++ b/yara_rules/apt_cloudatlas_powershower_variant.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powershower_variant {
+rule apt_cloudatlas_powershower_variant {
 meta:
 id = "416d0cb0-bc59-47ae-8a98-d7b39f8108ab"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powertunnel.yar b/yara_rules/apt_cloudatlas_powertunnel.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_cloudatlas_powertunnel.yar
rename to yara_rules/apt_cloudatlas_powertunnel.yar
index 2ce125c..c4525af 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powertunnel.yar
+++ b/yara_rules/apt_cloudatlas_powertunnel.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powertunnel {
+rule apt_cloudatlas_powertunnel {
 meta:
 id = "04981493-de8b-4662-ae81-8866c182f8b2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_powertunnel_loader.yar b/yara_rules/apt_cloudatlas_powertunnel_loader.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_cloudatlas_powertunnel_loader.yar
rename to yara_rules/apt_cloudatlas_powertunnel_loader.yar
index fdee375..e7861e1 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_powertunnel_loader.yar
+++ b/yara_rules/apt_cloudatlas_powertunnel_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_powertunnel_loader {
+rule apt_cloudatlas_powertunnel_loader {
 meta:
 id = "f2333b8a-99e9-4f28-b0d8-4f7dc4c648c5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar b/yara_rules/apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar
rename to yara_rules/apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar
index 45bb79f..6014256 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar
+++ b/yara_rules/apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_rtf_shellcode_cve_2018_0798 {
+rule apt_cloudatlas_rtf_shellcode_cve_2018_0798 {
 meta:
 id = "6c602c66-df40-4436-800f-e548dacc1e81"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudatlas_stagescalldllmainafterexec.yar b/yara_rules/apt_cloudatlas_stagescalldllmainafterexec.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_cloudatlas_stagescalldllmainafterexec.yar
rename to yara_rules/apt_cloudatlas_stagescalldllmainafterexec.yar
index 8f2eb32..ad16bc8 100644
--- a/yara_rules/sekoiaio_apt_cloudatlas_stagescalldllmainafterexec.yar
+++ b/yara_rules/apt_cloudatlas_stagescalldllmainafterexec.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudatlas_stagescalldllmainafterexec {
+rule apt_cloudatlas_stagescalldllmainafterexec {
 meta:
 id = "a24b7887-87f6-44e3-80c5-cd117e694595"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudmensis_downloader_strings.yar b/yara_rules/apt_cloudmensis_downloader_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_cloudmensis_downloader_strings.yar
rename to yara_rules/apt_cloudmensis_downloader_strings.yar
index 902d542..603223a 100644
--- a/yara_rules/sekoiaio_apt_cloudmensis_downloader_strings.yar
+++ b/yara_rules/apt_cloudmensis_downloader_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudmensis_downloader_strings {
+rule apt_cloudmensis_downloader_strings {
 meta:
 id = "450cfa42-7b56-4d93-afe2-9cf5c1049217"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cloudmensis_spyagent_strings.yar b/yara_rules/apt_cloudmensis_spyagent_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_cloudmensis_spyagent_strings.yar
rename to yara_rules/apt_cloudmensis_spyagent_strings.yar
index c0b7f59..9684f1c 100644
--- a/yara_rules/sekoiaio_apt_cloudmensis_spyagent_strings.yar
+++ b/yara_rules/apt_cloudmensis_spyagent_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cloudmensis_spyagent_strings {
+rule apt_cloudmensis_spyagent_strings {
 meta:
 id = "c2df8373-6698-4b23-9d77-8e7968bd69f0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_coathanger_beacon.yar b/yara_rules/apt_coathanger_beacon.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_coathanger_beacon.yar
rename to yara_rules/apt_coathanger_beacon.yar
index affbc4e..a72a92f 100644
--- a/yara_rules/sekoiaio_apt_coathanger_beacon.yar
+++ b/yara_rules/apt_coathanger_beacon.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_coathanger_beacon {
+rule apt_coathanger_beacon {
 meta:
 id = "cc201479-016a-46d2-a9e2-41b4914ce618"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_coathanger_files.yar b/yara_rules/apt_coathanger_files.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_coathanger_files.yar
rename to yara_rules/apt_coathanger_files.yar
index 012a8e9..3825394 100644
--- a/yara_rules/sekoiaio_apt_coathanger_files.yar
+++ b/yara_rules/apt_coathanger_files.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_coathanger_files {
+rule apt_coathanger_files {
 meta:
 id = "615f5ac1-14bc-4f5b-a02e-7b13cd179917"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_cottonsandstorm_win_implant.yar b/yara_rules/apt_cottonsandstorm_win_implant.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_cottonsandstorm_win_implant.yar
rename to yara_rules/apt_cottonsandstorm_win_implant.yar
index c736781..6120f89 100644
--- a/yara_rules/sekoiaio_apt_cottonsandstorm_win_implant.yar
+++ b/yara_rules/apt_cottonsandstorm_win_implant.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_cottonsandstorm_win_implant {
+rule apt_cottonsandstorm_win_implant {
 meta:
 id = "04a5255c-f9bb-4612-b0e2-ed0326867055"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_dark_pink_pdb_path.yar b/yara_rules/apt_dark_pink_pdb_path.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_dark_pink_pdb_path.yar
rename to yara_rules/apt_dark_pink_pdb_path.yar
index 8b80b57..806a4dd 100644
--- a/yara_rules/sekoiaio_apt_dark_pink_pdb_path.yar
+++ b/yara_rules/apt_dark_pink_pdb_path.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_dark_pink_pdb_path {
+rule apt_dark_pink_pdb_path {
 meta:
 id = "695586dc-66de-4f9d-814a-2d81261a7357"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_darkpink_kamikakabot_strings.yar b/yara_rules/apt_darkpink_kamikakabot_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_darkpink_kamikakabot_strings.yar
rename to yara_rules/apt_darkpink_kamikakabot_strings.yar
index 8cbe16f..e28b029 100644
--- a/yara_rules/sekoiaio_apt_darkpink_kamikakabot_strings.yar
+++ b/yara_rules/apt_darkpink_kamikakabot_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_darkpink_kamikakabot_strings {
+rule apt_darkpink_kamikakabot_strings {
 meta:
 id = "0f5a7d72-81c8-4fdd-aefd-136bc6d48aa5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_darkpink_loader_decryptionroutine.yar b/yara_rules/apt_darkpink_loader_decryptionroutine.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_darkpink_loader_decryptionroutine.yar
rename to yara_rules/apt_darkpink_loader_decryptionroutine.yar
index a212aba..5b39695 100644
--- a/yara_rules/sekoiaio_apt_darkpink_loader_decryptionroutine.yar
+++ b/yara_rules/apt_darkpink_loader_decryptionroutine.yar
@@ -1,7 +1,7 @@
 import "hash"
 import "pe"
-rule sekoiaio_apt_darkpink_loader_decryptionroutine {
+rule apt_darkpink_loader_decryptionroutine {
 meta:
 id = "fefc7b2f-eecc-49dc-84bc-24c45e9ea8f0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_darkpink_sample.yar b/yara_rules/apt_darkpink_sample.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_darkpink_sample.yar
rename to yara_rules/apt_darkpink_sample.yar
index 5724fdd..1dd3c7d 100644
--- a/yara_rules/sekoiaio_apt_darkpink_sample.yar
+++ b/yara_rules/apt_darkpink_sample.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_darkpink_sample {
+rule apt_darkpink_sample {
 meta:
 id = "91b4c64a-7622-4f03-bd3f-9fe56f01dfbe"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_emberbear_credpump_strings.yar b/yara_rules/apt_emberbear_credpump_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_emberbear_credpump_strings.yar
rename to yara_rules/apt_emberbear_credpump_strings.yar
index fac0abe..3902609 100644
--- a/yara_rules/sekoiaio_apt_emberbear_credpump_strings.yar
+++ b/yara_rules/apt_emberbear_credpump_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_emberbear_credpump_strings {
+rule apt_emberbear_credpump_strings {
 meta:
 id = "c9898e34-4ab8-49d6-9c8a-3fce592449e2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_luckymouse_sysupdate_removing_tool.yar b/yara_rules/apt_emissarypanda_sysupdate_removing_tool.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_luckymouse_sysupdate_removing_tool.yar
rename to yara_rules/apt_emissarypanda_sysupdate_removing_tool.yar
index 212a98a..2cb6961 100644
--- a/yara_rules/sekoiaio_apt_luckymouse_sysupdate_removing_tool.yar
+++ b/yara_rules/apt_emissarypanda_sysupdate_removing_tool.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_luckymouse_sysupdate_removing_tool {
+rule apt_emissarypanda_sysupdate_removing_tool {
 meta:
 id = "711d059c-6229-49ef-aa20-a04d505838dc"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_emissarypanda_web_auto_attack_tool.yar b/yara_rules/apt_emissarypanda_web_auto_attack_tool.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_emissarypanda_web_auto_attack_tool.yar
rename to yara_rules/apt_emissarypanda_web_auto_attack_tool.yar
index a8c9b06..d756207 100644
--- a/yara_rules/sekoiaio_apt_emissarypanda_web_auto_attack_tool.yar
+++ b/yara_rules/apt_emissarypanda_web_auto_attack_tool.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_emissarypanda_web_auto_attack_tool {
+rule apt_emissarypanda_web_auto_attack_tool {
 meta:
 id = "c93eb792-a443-4c9a-8fcb-6015cc69f9b3"
 version = "1.0"
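Review bot: The hunk for `sekoiaio_apt_luckymouse_sysupdate_removing_tool` does more than drop the prefix: the rule and its file become `apt_emissarypanda_sysupdate_removing_tool`, so the actor alias changes as well, which the commit subject does not mention. Anything downstream that keys on the rule name (alert routing, allowlists, saved hunts) would presumably stop matching the old identifier, and the `version = "1.0"` context line shows no bump that would signal the change. Either keep the alias with `rule apt_luckymouse_sysupdate_removing_tool {`, or record the previous identifier in the meta section, e.g. `former_name = "sekoiaio_apt_luckymouse_sysupdate_removing_tool"`. The rule body continues outside the hunk, so the rest of the meta block is not visible here.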
diff --git a/yara_rules/sekoiaio_apt_evasive_panda_downloader_certificate_exe.yar b/yara_rules/apt_evasive_panda_downloader_certificate_exe.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_evasive_panda_downloader_certificate_exe.yar
rename to yara_rules/apt_evasive_panda_downloader_certificate_exe.yar
index 5643e5c..94134e1 100644
--- a/yara_rules/sekoiaio_apt_evasive_panda_downloader_certificate_exe.yar
+++ b/yara_rules/apt_evasive_panda_downloader_certificate_exe.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_evasive_panda_downloader_certificate_exe {
+rule apt_evasive_panda_downloader_certificate_exe {
 meta:
 id = "1b40fca9-04b1-46b3-b48c-5a148a1b36b9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_evasive_panda_rphost_dll.yar b/yara_rules/apt_evasive_panda_rphost_dll.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_evasive_panda_rphost_dll.yar
rename to yara_rules/apt_evasive_panda_rphost_dll.yar
index 6ec0ee3..4180744 100644
--- a/yara_rules/sekoiaio_apt_evasive_panda_rphost_dll.yar
+++ b/yara_rules/apt_evasive_panda_rphost_dll.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_evasive_panda_rphost_dll {
+rule apt_evasive_panda_rphost_dll {
 meta:
 id = "8d70639d-b736-4823-86ad-37f0e383b5f7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_flightnight_malicious_lnk.yar b/yara_rules/apt_flightnight_malicious_lnk.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_flightnight_malicious_lnk.yar
rename to yara_rules/apt_flightnight_malicious_lnk.yar
index c43e2cc..756e955 100644
--- a/yara_rules/sekoiaio_apt_flightnight_malicious_lnk.yar
+++ b/yara_rules/apt_flightnight_malicious_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_flightnight_malicious_lnk {
+rule apt_flightnight_malicious_lnk {
 meta:
 id = "06f33ece-ac9f-4dd3-98fb-cd69305ee995"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_powershell_backdoor.yar b/yara_rules/apt_gamaredon_ddrdoh_powershell_backdoor.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_gamaredon_ddrdoh_powershell_backdoor.yar
rename to yara_rules/apt_gamaredon_ddrdoh_powershell_backdoor.yar
index fefaaa1..a794659 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_powershell_backdoor.yar
+++ b/yara_rules/apt_gamaredon_ddrdoh_powershell_backdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_ddrdoh_powershell_backdoor {
+rule apt_gamaredon_ddrdoh_powershell_backdoor {
 meta:
 id = "3413dedd-e3ec-4231-8af7-c7f709ab82d7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader.yar b/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader.yar
rename to yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar
index aed8ee9..ef1514a 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader.yar
+++ b/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader {
+rule apt_gamaredon_ddrdoh_vbs_downloader {
 meta:
 id = "c934b95d-d81d-4f58-a752-1bb31ba8593d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar b/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar
rename to yara_rules/apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar
index 62e2cc3..5a2924c 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar
+++ b/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_ddrdoh_vbs_downloader_vbs {
+rule apt_gamaredon_ddrdoh_vbs_downloader_vbs {
 meta:
 id = "cc29d5d9-58bd-4f68-8673-daa41abfc7be"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_doc_external_template.yar b/yara_rules/apt_gamaredon_doc_external_template.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_doc_external_template.yar
rename to yara_rules/apt_gamaredon_doc_external_template.yar
index 0d27d72..0a3b0ae 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_doc_external_template.yar
+++ b/yara_rules/apt_gamaredon_doc_external_template.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_doc_external_template {
+rule apt_gamaredon_doc_external_template {
 meta:
 id = "5f6bbf92-2fdf-428d-af49-2d3e754c29d7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_flash_infostealer.yar b/yara_rules/apt_gamaredon_flash_infostealer.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_flash_infostealer.yar
rename to yara_rules/apt_gamaredon_flash_infostealer.yar
index 543038b..605d843 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_flash_infostealer.yar
+++ b/yara_rules/apt_gamaredon_flash_infostealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_flash_infostealer {
+rule apt_gamaredon_flash_infostealer {
 meta:
 id = "f060fe4b-74fd-4ef3-ac86-916e2113ff24"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader.yar b/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader.yar
rename to yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader.yar
index 46f2b48..d838ac0 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader.yar
+++ b/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader {
+rule apt_gamaredon_gamaredon_lnk_usb_spreader {
 meta:
 id = "a0972e30-bfc5-48ff-b04b-382db8c08a54"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar b/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar
rename to yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar
index 69b90f4..d13384b 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar
+++ b/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_gamaredon_lnk_usb_spreader_encoded {
+rule apt_gamaredon_gamaredon_lnk_usb_spreader_encoded {
 meta:
 id = "e42bb654-d1aa-4219-b3da-dd4053d59a83"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_gammaload_malicioushta.yar b/yara_rules/apt_gamaredon_gammaload_malicioushta.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gamaredon_gammaload_malicioushta.yar
rename to yara_rules/apt_gamaredon_gammaload_malicioushta.yar
index f1155a8..e72a33f 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_gammaload_malicioushta.yar
+++ b/yara_rules/apt_gamaredon_gammaload_malicioushta.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_gammaload_malicioushta {
+rule apt_gamaredon_gammaload_malicioushta {
 meta:
 id = "e5e502db-7f37-40f2-9ba3-81e158e767db"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_gammaload_maliciouslnk.yar b/yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_gammaload_maliciouslnk.yar
rename to yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar
index c60dc33..26eb660 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_gammaload_maliciouslnk.yar
+++ b/yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_gammaload_maliciouslnk {
+rule apt_gamaredon_gammaload_maliciouslnk {
 meta:
 id = "2612e6c6-0bda-4bfa-a840-aa0a0b4c945b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_getlogicaldrive_hunting.yar b/yara_rules/apt_gamaredon_getlogicaldrive_hunting.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_gamaredon_getlogicaldrive_hunting.yar
rename to yara_rules/apt_gamaredon_getlogicaldrive_hunting.yar
index 93d6948..632a1d2 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_getlogicaldrive_hunting.yar
+++ b/yara_rules/apt_gamaredon_getlogicaldrive_hunting.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_getlogicaldrive_hunting {
+rule apt_gamaredon_getlogicaldrive_hunting {
 meta:
 id = "18958ee8-7eb8-43b5-8ad2-be93bb39aa80"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_2024.yar b/yara_rules/apt_gamaredon_htmlsmuggling_2024.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_2024.yar
rename to yara_rules/apt_gamaredon_htmlsmuggling_2024.yar
index bd6803a..4a32446 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_2024.yar
+++ b/yara_rules/apt_gamaredon_htmlsmuggling_2024.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_htmlsmuggling_2024 {
+rule apt_gamaredon_htmlsmuggling_2024 {
 meta:
 id = "8fa1f80b-2261-4d63-92d8-7c360be73fe2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment.yar b/yara_rules/apt_gamaredon_htmlsmuggling_attachment.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment.yar
rename to yara_rules/apt_gamaredon_htmlsmuggling_attachment.yar
index d34373c..b54aaa9 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment.yar
+++ b/yara_rules/apt_gamaredon_htmlsmuggling_attachment.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_htmlsmuggling_attachment {
+rule apt_gamaredon_htmlsmuggling_attachment {
 meta:
 id = "a39b6e67-9327-4c5b-902a-b9853cfefc8e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment_stage2.yar b/yara_rules/apt_gamaredon_htmlsmuggling_attachment_stage2.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment_stage2.yar
rename to yara_rules/apt_gamaredon_htmlsmuggling_attachment_stage2.yar
index b8d0fd2..dfd0305 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_htmlsmuggling_attachment_stage2.yar
+++ b/yara_rules/apt_gamaredon_htmlsmuggling_attachment_stage2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_htmlsmuggling_attachment_stage2 {
+rule apt_gamaredon_htmlsmuggling_attachment_stage2 {
 meta:
 id = "e82335ea-48d5-409c-a270-cfd5a2197c44"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_lnk.yar b/yara_rules/apt_gamaredon_lnk.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_lnk.yar
rename to yara_rules/apt_gamaredon_lnk.yar
index 349a4a1..4f8ba42 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_lnk.yar
+++ b/yara_rules/apt_gamaredon_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_lnk {
+rule apt_gamaredon_lnk {
 meta:
 id = "bfa69d84-433c-4f37-93b7-5b1b11677fbb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_lnk_spreader.yar b/yara_rules/apt_gamaredon_lnk_spreader.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_lnk_spreader.yar
rename to yara_rules/apt_gamaredon_lnk_spreader.yar
index 92f128f..51aec40 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_lnk_spreader.yar
+++ b/yara_rules/apt_gamaredon_lnk_spreader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_lnk_spreader {
+rule apt_gamaredon_lnk_spreader {
 meta:
 id = "2866ca1d-c094-49ba-b1de-ff9a60680e28"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_lnks_farl139_hostname.yar b/yara_rules/apt_gamaredon_lnks_farl139_hostname.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_gamaredon_lnks_farl139_hostname.yar
rename to yara_rules/apt_gamaredon_lnks_farl139_hostname.yar
index 1fc2d82..289db5d 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_lnks_farl139_hostname.yar
+++ b/yara_rules/apt_gamaredon_lnks_farl139_hostname.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_lnks_farl139_hostname {
+rule apt_gamaredon_lnks_farl139_hostname {
 meta:
 id = "f8bb2e6b-e544-46b0-b61b-048fe84e1100"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_powerrevshell.yar b/yara_rules/apt_gamaredon_powerrevshell.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_gamaredon_powerrevshell.yar
rename to yara_rules/apt_gamaredon_powerrevshell.yar
index d8805e2..cdc5333 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_powerrevshell.yar
+++ b/yara_rules/apt_gamaredon_powerrevshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_powerrevshell {
+rule apt_gamaredon_powerrevshell {
 meta:
 id = "b5161c23-c607-4096-9f4a-1be516a0a614"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_1.yar b/yara_rules/apt_gamaredon_stealer_obfuscation_1.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_1.yar
rename to yara_rules/apt_gamaredon_stealer_obfuscation_1.yar
index 25e0aca..3d583ca 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_1.yar
+++ b/yara_rules/apt_gamaredon_stealer_obfuscation_1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_stealer_obfuscation_1 {
+rule apt_gamaredon_stealer_obfuscation_1 {
 meta:
 id = "a6197d16-8ed1-410b-8814-d7eff9a8096c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_2.yar b/yara_rules/apt_gamaredon_stealer_obfuscation_2.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_2.yar
rename to yara_rules/apt_gamaredon_stealer_obfuscation_2.yar
index ad20737..1130a92 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_stealer_obfuscation_2.yar
+++ b/yara_rules/apt_gamaredon_stealer_obfuscation_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_stealer_obfuscation_2 {
+rule apt_gamaredon_stealer_obfuscation_2 {
 meta:
 id = "fd278a90-537b-4c67-9421-01c9f2416b60"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_subtle_paws.yar b/yara_rules/apt_gamaredon_subtle_paws.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gamaredon_subtle_paws.yar
rename to yara_rules/apt_gamaredon_subtle_paws.yar
index 7010fc9..1bc16f0 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_subtle_paws.yar
+++ b/yara_rules/apt_gamaredon_subtle_paws.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_subtle_paws {
+rule apt_gamaredon_subtle_paws {
 meta:
 id = "1950f886-97d2-4aa1-8f13-2947eba706e4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gamaredon_vbs_downloader.yar b/yara_rules/apt_gamaredon_vbs_downloader.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_gamaredon_vbs_downloader.yar
rename to yara_rules/apt_gamaredon_vbs_downloader.yar
index 4b7c126..d2658a3 100644
--- a/yara_rules/sekoiaio_apt_gamaredon_vbs_downloader.yar
+++ b/yara_rules/apt_gamaredon_vbs_downloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gamaredon_vbs_downloader {
+rule apt_gamaredon_vbs_downloader {
 meta:
 id = "13b63570-2f18-4b35-8087-9ab15c58a0d1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gelsemium_firewood_backdoor.yar b/yara_rules/apt_gelsemium_firewood_backdoor.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gelsemium_firewood_backdoor.yar
rename to yara_rules/apt_gelsemium_firewood_backdoor.yar
index 86ce99e..09b967a 100644
--- a/yara_rules/sekoiaio_apt_gelsemium_firewood_backdoor.yar
+++ b/yara_rules/apt_gelsemium_firewood_backdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gelsemium_firewood_backdoor {
+rule apt_gelsemium_firewood_backdoor {
 meta:
 id = "93670c07-9edd-4ea2-b8ed-6fee625491f4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_backdoor.yar b/yara_rules/apt_gelsemium_wolfsbane_backdoor.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gelsemium_wolfsbane_backdoor.yar
rename to yara_rules/apt_gelsemium_wolfsbane_backdoor.yar
index 8f6a71c..44b6515 100644
--- a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_backdoor.yar
+++ b/yara_rules/apt_gelsemium_wolfsbane_backdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gelsemium_wolfsbane_backdoor {
+rule apt_gelsemium_wolfsbane_backdoor {
 meta:
 id = "db2ad5a4-b592-4646-a385-c668bb2ea090"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_launcher.yar b/yara_rules/apt_gelsemium_wolfsbane_launcher.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_gelsemium_wolfsbane_launcher.yar
rename to yara_rules/apt_gelsemium_wolfsbane_launcher.yar
index 961f1fa..8930faf 100644
--- a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_launcher.yar
+++ b/yara_rules/apt_gelsemium_wolfsbane_launcher.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gelsemium_wolfsbane_launcher {
+rule apt_gelsemium_wolfsbane_launcher {
 meta:
 id = "26fbf4df-aa08-47b6-a73c-e8f80a408454"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_rootkit.yar b/yara_rules/apt_gelsemium_wolfsbane_rootkit.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gelsemium_wolfsbane_rootkit.yar
rename to yara_rules/apt_gelsemium_wolfsbane_rootkit.yar
index fd741b5..816a3cb 100644
--- a/yara_rules/sekoiaio_apt_gelsemium_wolfsbane_rootkit.yar
+++ b/yara_rules/apt_gelsemium_wolfsbane_rootkit.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gelsemium_wolfsbane_rootkit {
+rule apt_gelsemium_wolfsbane_rootkit {
 meta:
 id = "e93f4515-62f5-4057-a464-aae11cbe0639"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_globalshadow.yar b/yara_rules/apt_globalshadow.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_globalshadow.yar
rename to yara_rules/apt_globalshadow.yar
index 58f9246..ac51fd6 100644
--- a/yara_rules/sekoiaio_apt_globalshadow.yar
+++ b/yara_rules/apt_globalshadow.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_globalshadow {
+rule apt_globalshadow {
 meta:
 id = "2fef6192-25a6-4d6a-8e19-53ad51617d90"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_gobrat_2.yar b/yara_rules/apt_gobrat_2.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_gobrat_2.yar
rename to yara_rules/apt_gobrat_2.yar
index 522c75c..a1c294f 100644
--- a/yara_rules/sekoiaio_apt_gobrat_2.yar
+++ b/yara_rules/apt_gobrat_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_gobrat_2 {
+rule apt_gobrat_2 {
 meta:
 id = "6b7e38f5-00bc-49c8-b34d-3e878bf426d8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_granitetyphoon_pingpulllinux_strings.yar b/yara_rules/apt_granitetyphoon_pingpulllinux_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_granitetyphoon_pingpulllinux_strings.yar
rename to yara_rules/apt_granitetyphoon_pingpulllinux_strings.yar
index e1d57c3..6ee6b6b 100644
--- a/yara_rules/sekoiaio_apt_granitetyphoon_pingpulllinux_strings.yar
+++ b/yara_rules/apt_granitetyphoon_pingpulllinux_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_granitetyphoon_pingpulllinux_strings {
+rule apt_granitetyphoon_pingpulllinux_strings {
 meta:
 id = "ee213206-d9ad-47fa-bea1-61a9d2cfba58"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_granitetyphoon_sword2023_strings.yar b/yara_rules/apt_granitetyphoon_sword2023_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_granitetyphoon_sword2023_strings.yar
rename to yara_rules/apt_granitetyphoon_sword2023_strings.yar
index 87b8256..ee613d4 100644
--- a/yara_rules/sekoiaio_apt_granitetyphoon_sword2023_strings.yar
+++ b/yara_rules/apt_granitetyphoon_sword2023_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_granitetyphoon_sword2023_strings {
+rule apt_granitetyphoon_sword2023_strings {
 meta:
 id = "417b355f-9eb8-40ae-bc3b-f7f23b5ca63e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_icepeony_icecache.yar b/yara_rules/apt_icepeony_icecache.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_icepeony_icecache.yar
rename to yara_rules/apt_icepeony_icecache.yar
index 616cdb8..65b3f3f 100644
--- a/yara_rules/sekoiaio_apt_icepeony_icecache.yar
+++ b/yara_rules/apt_icepeony_icecache.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_icepeony_icecache {
+rule apt_icepeony_icecache {
 meta:
 id = "3135c70e-c925-4d26-beed-09424fc0c153"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_icepeony_iceevent.yar b/yara_rules/apt_icepeony_iceevent.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_icepeony_iceevent.yar
rename to yara_rules/apt_icepeony_iceevent.yar
index 51cead4..995cded 100644
--- a/yara_rules/sekoiaio_apt_icepeony_iceevent.yar
+++ b/yara_rules/apt_icepeony_iceevent.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_icepeony_iceevent {
+rule apt_icepeony_iceevent {
 meta:
 id = "7d1f8b90-fde4-4d5c-a8a3-375db8aa88a1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_implant_xdealer_linux_variant_strings.yar b/yara_rules/apt_implant_xdealer_linux_variant_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_implant_xdealer_linux_variant_strings.yar
rename to yara_rules/apt_implant_xdealer_linux_variant_strings.yar
index afe0e0a..ada9c8b 100644
--- a/yara_rules/sekoiaio_apt_implant_xdealer_linux_variant_strings.yar
+++ b/yara_rules/apt_implant_xdealer_linux_variant_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_implant_xdealer_linux_variant_strings {
+rule apt_implant_xdealer_linux_variant_strings {
 meta:
 id = "42690513-753f-4296-b641-4d3b59a5e5e1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_implant_xdealer_stealer_strings.yar b/yara_rules/apt_implant_xdealer_stealer_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_implant_xdealer_stealer_strings.yar
rename to yara_rules/apt_implant_xdealer_stealer_strings.yar
index 6c75bb2..bfd4fa9 100644
--- a/yara_rules/sekoiaio_apt_implant_xdealer_stealer_strings.yar
+++ b/yara_rules/apt_implant_xdealer_stealer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_implant_xdealer_stealer_strings {
+rule apt_implant_xdealer_stealer_strings {
 meta:
 id = "6314cf6c-2c3b-4e9a-87a1-b56ee148474c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_implant_xdealer_strings.yar b/yara_rules/apt_implant_xdealer_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_implant_xdealer_strings.yar
rename to yara_rules/apt_implant_xdealer_strings.yar
index b18af9f..d9fabf0 100644
--- a/yara_rules/sekoiaio_apt_implant_xdealer_strings.yar
+++ b/yara_rules/apt_implant_xdealer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_implant_xdealer_strings {
+rule apt_implant_xdealer_strings {
 meta:
 id = "06ef72ca-b4e3-493b-8e01-d34b98259c6d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_implant_xdealer_vbs_launcher_strings.yar b/yara_rules/apt_implant_xdealer_vbs_launcher_strings.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_implant_xdealer_vbs_launcher_strings.yar
rename to yara_rules/apt_implant_xdealer_vbs_launcher_strings.yar
index 9d5d267..aaa7663 100644
--- a/yara_rules/sekoiaio_apt_implant_xdealer_vbs_launcher_strings.yar
+++ b/yara_rules/apt_implant_xdealer_vbs_launcher_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_implant_xdealer_vbs_launcher_strings {
+rule apt_implant_xdealer_vbs_launcher_strings {
 meta:
 id = "ebfc8a33-70dc-44d5-bc4a-07afc56f8254"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ir_sugarush_implant.yar b/yara_rules/apt_ir_sugarush_implant.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_ir_sugarush_implant.yar
rename to yara_rules/apt_ir_sugarush_implant.yar
index 9e5dd24..aeea587 100644
--- a/yara_rules/sekoiaio_apt_ir_sugarush_implant.yar
+++ b/yara_rules/apt_ir_sugarush_implant.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ir_sugarush_implant {
+rule apt_ir_sugarush_implant {
 meta:
 id = "bcf057cc-272c-4cb6-bb76-928788675282"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ivanti_krustyloader.yar b/yara_rules/apt_ivanti_krustyloader.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_ivanti_krustyloader.yar
rename to yara_rules/apt_ivanti_krustyloader.yar
index c84bfa0..d03e5b3 100644
--- a/yara_rules/sekoiaio_apt_ivanti_krustyloader.yar
+++ b/yara_rules/apt_ivanti_krustyloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ivanti_krustyloader {
+rule apt_ivanti_krustyloader {
 meta:
 id = "617fdd5f-7555-49e8-b0ec-2199f017dc40"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_fpspy.yar b/yara_rules/apt_kimsuky_fpspy.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_kimsuky_fpspy.yar
rename to yara_rules/apt_kimsuky_fpspy.yar
index 9da918d..ed7ef11 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_fpspy.yar
+++ b/yara_rules/apt_kimsuky_fpspy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_fpspy {
+rule apt_kimsuky_fpspy {
 meta:
 id = "75d41851-a7a6-4068-8ea5-6a3e6e62a965"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_klogexe.yar b/yara_rules/apt_kimsuky_klogexe.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_kimsuky_klogexe.yar
rename to yara_rules/apt_kimsuky_klogexe.yar
index 82d6d1a..fe7d750 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_klogexe.yar
+++ b/yara_rules/apt_kimsuky_klogexe.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_klogexe {
+rule apt_kimsuky_klogexe {
 meta:
 id = "f6e3b1a5-43b6-4dac-83c2-a365c41de38d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_malicious_gotopwsh_lnk.yar b/yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_kimsuky_malicious_gotopwsh_lnk.yar
rename to yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar
index 2f73bea..87444fe 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_malicious_gotopwsh_lnk.yar
+++ b/yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_malicious_gotopwsh_lnk {
+rule apt_kimsuky_malicious_gotopwsh_lnk {
 meta:
 id = "cfe9adf5-2c06-4d04-8006-c4eea0dab549"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_malicious_vba.yar b/yara_rules/apt_kimsuky_malicious_vba.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_kimsuky_malicious_vba.yar
rename to yara_rules/apt_kimsuky_malicious_vba.yar
index 313aecd..185ea53 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_malicious_vba.yar
+++ b/yara_rules/apt_kimsuky_malicious_vba.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_malicious_vba {
+rule apt_kimsuky_malicious_vba {
 meta:
 id = "2dbe2431-3592-4395-8164-49abae4a5a3d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_powershell.yar b/yara_rules/apt_kimsuky_powershell.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_kimsuky_powershell.yar
rename to yara_rules/apt_kimsuky_powershell.yar
index 1b3c688..8f2b470 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_powershell.yar
+++ b/yara_rules/apt_kimsuky_powershell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_powershell {
+rule apt_kimsuky_powershell {
 meta:
 id = "b7f812e0-d08b-40fe-908a-dc5765d6bc66"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_powershell_dropper_strings.yar b/yara_rules/apt_kimsuky_powershell_dropper_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_kimsuky_powershell_dropper_strings.yar
rename to yara_rules/apt_kimsuky_powershell_dropper_strings.yar
index 9d4f60c..f6d01e3 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_powershell_dropper_strings.yar
+++ b/yara_rules/apt_kimsuky_powershell_dropper_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_powershell_dropper_strings {
+rule apt_kimsuky_powershell_dropper_strings {
 meta:
 id = "8b346e05-215b-46c0-82bf-fce3a65440f3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharpext_compromised_securepreferences.yar b/yara_rules/apt_kimsuky_sharpext_compromised_securepreferences.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_kimsuky_sharpext_compromised_securepreferences.yar
rename to yara_rules/apt_kimsuky_sharpext_compromised_securepreferences.yar
index 6eba5a3..0c4ef56 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharpext_compromised_securepreferences.yar
+++ b/yara_rules/apt_kimsuky_sharpext_compromised_securepreferences.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharpext_compromised_securepreferences {
+rule apt_kimsuky_sharpext_compromised_securepreferences {
 meta:
 id = "aeda5d15-82e1-4ffc-8252-1eb4fc78d024"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharpext_devps1_strings.yar b/yara_rules/apt_kimsuky_sharpext_devps1_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_kimsuky_sharpext_devps1_strings.yar
rename to yara_rules/apt_kimsuky_sharpext_devps1_strings.yar
index dfac653..060b2b2 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharpext_devps1_strings.yar
+++ b/yara_rules/apt_kimsuky_sharpext_devps1_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharpext_devps1_strings {
+rule apt_kimsuky_sharpext_devps1_strings {
 meta:
 id = "f2ad32a4-bfca-40b2-964e-b8562538a6f2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharpext_devtoolmodule_strings.yar b/yara_rules/apt_kimsuky_sharpext_devtoolmodule_strings.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_kimsuky_sharpext_devtoolmodule_strings.yar
rename to yara_rules/apt_kimsuky_sharpext_devtoolmodule_strings.yar
index 3f83b96..093ebfa 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharpext_devtoolmodule_strings.yar
+++ b/yara_rules/apt_kimsuky_sharpext_devtoolmodule_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharpext_devtoolmodule_strings {
+rule apt_kimsuky_sharpext_devtoolmodule_strings {
 meta:
 id = "6f589a9c-344a-4ddc-929e-f123a2c3c187"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharpext_jsexfil_strings.yar b/yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_kimsuky_sharpext_jsexfil_strings.yar
rename to yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar
index ab83bb1..e63c3df 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharpext_jsexfil_strings.yar
+++ b/yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharpext_jsexfil_strings {
+rule apt_kimsuky_sharpext_jsexfil_strings {
 meta:
 id = "c9ebd123-6450-4424-93d1-60322bd97bf6"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_c2_source.yar b/yara_rules/apt_kimsuky_sharptongue_c2_source.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_kimsuky_sharptongue_c2_source.yar
rename to yara_rules/apt_kimsuky_sharptongue_c2_source.yar
index ec2a710..649a449 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_c2_source.yar
+++ b/yara_rules/apt_kimsuky_sharptongue_c2_source.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharptongue_c2_source {
+rule apt_kimsuky_sharptongue_c2_source {
 meta:
 id = "a2ccf773-511c-4088-8bcf-b923291d024b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_strings.yar b/yara_rules/apt_kimsuky_sharptongue_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_kimsuky_sharptongue_strings.yar
rename to yara_rules/apt_kimsuky_sharptongue_strings.yar
index f84a1f8..56e48ab 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_strings.yar
+++ b/yara_rules/apt_kimsuky_sharptongue_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharptongue_strings {
+rule apt_kimsuky_sharptongue_strings {
 meta:
 id = "56027edb-4e6e-40ec-a1b9-36c52b0dd3ec"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_vbslauncher_strings.yar b/yara_rules/apt_kimsuky_sharptongue_vbslauncher_strings.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_kimsuky_sharptongue_vbslauncher_strings.yar
rename to yara_rules/apt_kimsuky_sharptongue_vbslauncher_strings.yar
index 9006a0b..c0ce8e2 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_sharptongue_vbslauncher_strings.yar
+++ b/yara_rules/apt_kimsuky_sharptongue_vbslauncher_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_sharptongue_vbslauncher_strings {
+rule apt_kimsuky_sharptongue_vbslauncher_strings {
 meta:
 id = "82bd648c-2961-4945-950e-8fb1e4650338"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_toddlershark_obfuscated.yar b/yara_rules/apt_kimsuky_toddlershark_obfuscated.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_kimsuky_toddlershark_obfuscated.yar
rename to yara_rules/apt_kimsuky_toddlershark_obfuscated.yar
index 6bde94a..71b12b5 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_toddlershark_obfuscated.yar
+++ b/yara_rules/apt_kimsuky_toddlershark_obfuscated.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_toddlershark_obfuscated {
+rule apt_kimsuky_toddlershark_obfuscated {
 meta:
 id = "9ab82466-4f38-4597-b75b-13252e180c70"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_toddlershark_strings.yar b/yara_rules/apt_kimsuky_toddlershark_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_kimsuky_toddlershark_strings.yar
rename to yara_rules/apt_kimsuky_toddlershark_strings.yar
index 58d29a3..00e9d68 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_toddlershark_strings.yar
+++ b/yara_rules/apt_kimsuky_toddlershark_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_toddlershark_strings {
+rule apt_kimsuky_toddlershark_strings {
 meta:
 id = "2db1a424-9e83-4168-8ebf-d3b415b6a576"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_validator_strings.yar b/yara_rules/apt_kimsuky_validator_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_kimsuky_validator_strings.yar
rename to yara_rules/apt_kimsuky_validator_strings.yar
index 1d2c717..38f6653 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_validator_strings.yar
+++ b/yara_rules/apt_kimsuky_validator_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_validator_strings {
+rule apt_kimsuky_validator_strings {
 meta:
 id = "e055f2d4-8318-4342-812e-0f621d7886b4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_vbs.yar b/yara_rules/apt_kimsuky_vbs.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_kimsuky_vbs.yar
rename to yara_rules/apt_kimsuky_vbs.yar
index e294d9a..3ecefef 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_vbs.yar
+++ b/yara_rules/apt_kimsuky_vbs.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_vbs {
+rule apt_kimsuky_vbs {
 meta:
 id = "3f92dbda-2ddb-4fa3-a587-743f65ced9e4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_kimsuky_vbs_powershell_downloader.yar b/yara_rules/apt_kimsuky_vbs_powershell_downloader.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_kimsuky_vbs_powershell_downloader.yar
rename to yara_rules/apt_kimsuky_vbs_powershell_downloader.yar
index b6f536f..b4137f0 100644
--- a/yara_rules/sekoiaio_apt_kimsuky_vbs_powershell_downloader.yar
+++ b/yara_rules/apt_kimsuky_vbs_powershell_downloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_kimsuky_vbs_powershell_downloader {
+rule apt_kimsuky_vbs_powershell_downloader {
 meta:
 id = "4c9af11f-802b-4ffe-9783-90fc2ee53809"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_konni.yar b/yara_rules/apt_konni.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_konni.yar
rename to yara_rules/apt_konni.yar
index a88210a..96f0079 100644
--- a/yara_rules/sekoiaio_apt_konni.yar
+++ b/yara_rules/apt_konni.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_konni {
+rule apt_konni {
 meta:
 id = "6a20c492-e932-41bd-ac4a-01d35bfb0c49"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_konni_check_bat.yar b/yara_rules/apt_konni_check_bat.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_konni_check_bat.yar
rename to yara_rules/apt_konni_check_bat.yar
index c446cde..5aecdff 100644
--- a/yara_rules/sekoiaio_apt_konni_check_bat.yar
+++ b/yara_rules/apt_konni_check_bat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_konni_check_bat {
+rule apt_konni_check_bat {
 meta:
 id = "f05e6ba2-c128-4c17-8f74-f7640103c859"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_konni_dropper.yar b/yara_rules/apt_konni_dropper.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_konni_dropper.yar
rename to yara_rules/apt_konni_dropper.yar
index 31f9301..bd194dc 100644
--- a/yara_rules/sekoiaio_apt_konni_dropper.yar
+++ b/yara_rules/apt_konni_dropper.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_konni_dropper {
+rule apt_konni_dropper {
 meta:
 id = "0783a55e-1d1e-40ca-a661-2c5dec6d78d6"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_backdoored_jslib.yar b/yara_rules/apt_lazarus_backdoored_jslib.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_lazarus_backdoored_jslib.yar
rename to yara_rules/apt_lazarus_backdoored_jslib.yar
index 6ca6219..4888000 100644
--- a/yara_rules/sekoiaio_apt_lazarus_backdoored_jslib.yar
+++ b/yara_rules/apt_lazarus_backdoored_jslib.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_backdoored_jslib {
+rule apt_lazarus_backdoored_jslib {
 meta:
 id = "73ffd449-93c8-494e-9c14-2e933b21a200"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_blindingcan_rtti.yar b/yara_rules/apt_lazarus_blindingcan_rtti.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_lazarus_blindingcan_rtti.yar
rename to yara_rules/apt_lazarus_blindingcan_rtti.yar
index 0371047..f74cf33 100644
--- a/yara_rules/sekoiaio_apt_lazarus_blindingcan_rtti.yar
+++ b/yara_rules/apt_lazarus_blindingcan_rtti.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_blindingcan_rtti {
+rule apt_lazarus_blindingcan_rtti {
 meta:
 id = "9a16c189-ffc1-4aa6-8582-298abaecd0ef"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_dangerouspassword_lnk.yar b/yara_rules/apt_lazarus_dangerouspassword_lnk.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_lazarus_dangerouspassword_lnk.yar
rename to yara_rules/apt_lazarus_dangerouspassword_lnk.yar
index 26f12c5..6668451 100644
--- a/yara_rules/sekoiaio_apt_lazarus_dangerouspassword_lnk.yar
+++ b/yara_rules/apt_lazarus_dangerouspassword_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_dangerouspassword_lnk {
+rule apt_lazarus_dangerouspassword_lnk {
 meta:
 id = "32533880-7f75-4682-a7ae-9868d0b5174b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_dll_c2_comms.yar b/yara_rules/apt_lazarus_dll_c2_comms.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_lazarus_dll_c2_comms.yar
rename to yara_rules/apt_lazarus_dll_c2_comms.yar
index 5574739..485f02e 100644
--- a/yara_rules/sekoiaio_apt_lazarus_dll_c2_comms.yar
+++ b/yara_rules/apt_lazarus_dll_c2_comms.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_dll_c2_comms {
+rule apt_lazarus_dll_c2_comms {
 meta:
 id = "9b379aa8-77ce-4c76-ab13-05e35ebfbdfe"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_gopuram_backdoor.yar b/yara_rules/apt_lazarus_gopuram_backdoor.yar similarity index 96% rename from yara_rules/sekoiaio_apt_lazarus_gopuram_backdoor.yar rename to yara_rules/apt_lazarus_gopuram_backdoor.yar index bfa0d97..d069a00 100644 --- a/yara_rules/sekoiaio_apt_lazarus_gopuram_backdoor.yar +++ b/yara_rules/apt_lazarus_gopuram_backdoor.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_apt_lazarus_gopuram_backdoor { +rule apt_lazarus_gopuram_backdoor { meta: id = "947d4ee3-79fa-450b-8482-beafe607baae" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_lazarus_lambload_timecheck.yar b/yara_rules/apt_lazarus_lambload_timecheck.yar similarity index 98% rename from yara_rules/sekoiaio_apt_lazarus_lambload_timecheck.yar rename to yara_rules/apt_lazarus_lambload_timecheck.yar index c0a9672..d558227 100644 --- a/yara_rules/sekoiaio_apt_lazarus_lambload_timecheck.yar +++ b/yara_rules/apt_lazarus_lambload_timecheck.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_lazarus_lambload_timecheck { +rule apt_lazarus_lambload_timecheck { meta: id = "8807c752-c34e-4c3b-9194-3a9bd2575a88" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_lazarus_pondrat.yar b/yara_rules/apt_lazarus_pondrat.yar similarity index 96% rename from yara_rules/sekoiaio_apt_lazarus_pondrat.yar rename to yara_rules/apt_lazarus_pondrat.yar index fc845cd..a6bcb7d 100644 --- a/yara_rules/sekoiaio_apt_lazarus_pondrat.yar +++ b/yara_rules/apt_lazarus_pondrat.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_lazarus_pondrat { +rule apt_lazarus_pondrat { meta: id = "a957c158-a79a-4d7a-8473-b6960cf02d9b" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_downloader.yar b/yara_rules/apt_lazarus_vhd_ransomware_downloader.yar similarity index 92% rename from yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_downloader.yar rename to yara_rules/apt_lazarus_vhd_ransomware_downloader.yar index 7f6a1e7..4d7c32c 100644 
--- a/yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_downloader.yar
+++ b/yara_rules/apt_lazarus_vhd_ransomware_downloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_vhd_ransomware_downloader {
+rule apt_lazarus_vhd_ransomware_downloader {
 meta:
 id = "edcc9df8-650c-437a-adb8-a671e8b75e64"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_loader.yar b/yara_rules/apt_lazarus_vhd_ransomware_loader.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_loader.yar
rename to yara_rules/apt_lazarus_vhd_ransomware_loader.yar
index 36e314c..1cb5250 100644
--- a/yara_rules/sekoiaio_apt_lazarus_vhd_ransomware_loader.yar
+++ b/yara_rules/apt_lazarus_vhd_ransomware_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_lazarus_vhd_ransomware_loader {
+rule apt_lazarus_vhd_ransomware_loader {
 meta:
 id = "377f3ec5-fa2a-431e-93d2-6a1eb9e01d28"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_luckymouse_compromised_electronapp.yar b/yara_rules/apt_luckymouse_compromised_electronapp.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_luckymouse_compromised_electronapp.yar
rename to yara_rules/apt_luckymouse_compromised_electronapp.yar
index 0e368f7..ed98cc9 100644
--- a/yara_rules/sekoiaio_apt_luckymouse_compromised_electronapp.yar
+++ b/yara_rules/apt_luckymouse_compromised_electronapp.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_luckymouse_compromised_electronapp {
+rule apt_luckymouse_compromised_electronapp {
 meta:
 id = "7702217d-771f-47af-8eaa-d5acf1e14f4d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_luckymouse_rshell_strings.yar b/yara_rules/apt_luckymouse_rshell_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_luckymouse_rshell_strings.yar
rename to yara_rules/apt_luckymouse_rshell_strings.yar
index ee0e7fc..0c6abe8 100644
--- a/yara_rules/sekoiaio_apt_luckymouse_rshell_strings.yar
+++ b/yara_rules/apt_luckymouse_rshell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_luckymouse_rshell_strings {
+rule apt_luckymouse_rshell_strings {
 meta:
 id = "89f18013-ea3e-440f-821e-cef102a43b7b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_luckymouse_rshell_strings_all_platform.yar b/yara_rules/apt_luckymouse_rshell_strings_all_platform.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_luckymouse_rshell_strings_all_platform.yar
rename to yara_rules/apt_luckymouse_rshell_strings_all_platform.yar
index 6070e7b..006da6f 100644
--- a/yara_rules/sekoiaio_apt_luckymouse_rshell_strings_all_platform.yar
+++ b/yara_rules/apt_luckymouse_rshell_strings_all_platform.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_luckymouse_rshell_strings_all_platform {
+rule apt_luckymouse_rshell_strings_all_platform {
 meta:
 id = "e79a5ee1-96b3-4643-ab11-0b1095e96488"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_emissarypanda_sysupdate_removing_tool.yar b/yara_rules/apt_luckymouse_sysupdate_removing_tool.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_emissarypanda_sysupdate_removing_tool.yar
rename to yara_rules/apt_luckymouse_sysupdate_removing_tool.yar
index 17b3856..7950fb4 100644
--- a/yara_rules/sekoiaio_apt_emissarypanda_sysupdate_removing_tool.yar
+++ b/yara_rules/apt_luckymouse_sysupdate_removing_tool.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_emissarypanda_sysupdate_removing_tool {
+rule apt_luckymouse_sysupdate_removing_tool {
 meta:
 id = "711d059c-6229-49ef-aa20-a04d505838dc"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_malware_pocoproxy.yar b/yara_rules/apt_malware_pocoproxy.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_malware_pocoproxy.yar
rename to yara_rules/apt_malware_pocoproxy.yar
index fa6e2a0..5ec9da2 100644
--- a/yara_rules/sekoiaio_apt_malware_pocoproxy.yar
+++ b/yara_rules/apt_malware_pocoproxy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_malware_pocoproxy {
+rule apt_malware_pocoproxy {
 meta:
 id = "8b37e37f-339e-4f8b-b792-435096f56af0"
 version = "1.0"
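Review bot: In the hunk for `apt_luckymouse_sysupdate_removing_tool.yar` the rule identifier goes from `sekoiaio_apt_emissarypanda_sysupdate_removing_tool` to `apt_luckymouse_sysupdate_removing_tool`, so the actor alias changes as well as the prefix, which the commit subject does not mention. Anything downstream that keys on the YARA rule name (alert routing, suppression lists, saved hunts) will stop seeing the old identifier, for this rule and for every other renamed rule in the patch, while the context line `version = "1.0"` stays as it was. The `id` UUID in `meta` is untouched in each hunk, so it is the stable key to correlate on; I would state the alias change in the commit description and consider bumping `version` for the renamed rules. The rule body continues outside the hunk.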
diff --git a/yara_rules/sekoiaio_apt_menupass_maliciouslibvlc_dll.yar b/yara_rules/apt_menupass_maliciouslibvlc_dll.yar similarity index 90% rename from yara_rules/sekoiaio_apt_menupass_maliciouslibvlc_dll.yar rename to yara_rules/apt_menupass_maliciouslibvlc_dll.yar index 82e1b1c..fa7cae3 100644 --- a/yara_rules/sekoiaio_apt_menupass_maliciouslibvlc_dll.yar +++ b/yara_rules/apt_menupass_maliciouslibvlc_dll.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_apt_menupass_maliciouslibvlc_dll { +rule apt_menupass_maliciouslibvlc_dll { meta: id = "8b6b56f3-33b5-41cf-8bcb-e653c98718bd" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_micdown_encrypted_configuration.yar b/yara_rules/apt_micdown_encrypted_configuration.yar similarity index 90% rename from yara_rules/sekoiaio_apt_micdown_encrypted_configuration.yar rename to yara_rules/apt_micdown_encrypted_configuration.yar index 92b1887..522ebb6 100644 --- a/yara_rules/sekoiaio_apt_micdown_encrypted_configuration.yar +++ b/yara_rules/apt_micdown_encrypted_configuration.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_micdown_encrypted_configuration { +rule apt_micdown_encrypted_configuration { meta: id = "9567d68b-05d1-4d41-b87f-c8691ee689cd" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor.yar b/yara_rules/apt_muddywater_manifestation_backdoor.yar similarity index 92% rename from yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor.yar rename to yara_rules/apt_muddywater_manifestation_backdoor.yar index 8be8cd4..567e760 100644 --- a/yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor.yar +++ b/yara_rules/apt_muddywater_manifestation_backdoor.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_muddywater_manifestation_backdoor { +rule apt_muddywater_manifestation_backdoor { meta: id = "998fb0ab-73ed-41e5-b87e-f987b8f05a8c" version = "1.0" 
diff --git a/yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor_obfuscated.yar b/yara_rules/apt_muddywater_manifestation_backdoor_obfuscated.yar similarity index 90% rename from yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor_obfuscated.yar rename to yara_rules/apt_muddywater_manifestation_backdoor_obfuscated.yar index 9ad6950..458ab72 100644 --- a/yara_rules/sekoiaio_apt_muddywater_manifestation_backdoor_obfuscated.yar +++ b/yara_rules/apt_muddywater_manifestation_backdoor_obfuscated.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_muddywater_manifestation_backdoor_obfuscated { +rule apt_muddywater_manifestation_backdoor_obfuscated { meta: id = "58df72a1-822c-4b82-904d-1c0124dc7bc1" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_muddywater_moriagent.yar b/yara_rules/apt_muddywater_moriagent.yar similarity index 95% rename from yara_rules/sekoiaio_apt_muddywater_moriagent.yar rename to yara_rules/apt_muddywater_moriagent.yar index 598f79b..f866c27 100644 --- a/yara_rules/sekoiaio_apt_muddywater_moriagent.yar +++ b/yara_rules/apt_muddywater_moriagent.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_apt_muddywater_moriagent { +rule apt_muddywater_moriagent { meta: id = "e7a83663-6a30-416a-8f29-87a6b9445ea4" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_muddywater_muddyc2go_dll_launcher_strings.yar b/yara_rules/apt_muddywater_muddyc2go_dll_launcher_strings.yar similarity index 90% rename from yara_rules/sekoiaio_apt_muddywater_muddyc2go_dll_launcher_strings.yar rename to yara_rules/apt_muddywater_muddyc2go_dll_launcher_strings.yar index e7f2c27..2070c65 100644 --- a/yara_rules/sekoiaio_apt_muddywater_muddyc2go_dll_launcher_strings.yar +++ b/yara_rules/apt_muddywater_muddyc2go_dll_launcher_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_muddywater_muddyc2go_dll_launcher_strings { +rule apt_muddywater_muddyc2go_dll_launcher_strings { meta: id = "59756195-d842-4038-8fbf-43d26f4353bc" version = "1.0" 
diff --git a/yara_rules/sekoiaio_apt_muddywater_powershell_reverse_secure_proxy.yar b/yara_rules/apt_muddywater_powershell_reverse_secure_proxy.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_muddywater_powershell_reverse_secure_proxy.yar
rename to yara_rules/apt_muddywater_powershell_reverse_secure_proxy.yar
index 252f356..ae5a24c 100644
--- a/yara_rules/sekoiaio_apt_muddywater_powershell_reverse_secure_proxy.yar
+++ b/yara_rules/apt_muddywater_powershell_reverse_secure_proxy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_muddywater_powershell_reverse_secure_proxy {
+rule apt_muddywater_powershell_reverse_secure_proxy {
 meta:
 id = "b255f327-cb56-41b7-82f7-83ee23f791a5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_muddywater_powgoop_decode_loop.yar b/yara_rules/apt_muddywater_powgoop_decode_loop.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_muddywater_powgoop_decode_loop.yar
rename to yara_rules/apt_muddywater_powgoop_decode_loop.yar
index 8c8a678..6640637 100644
--- a/yara_rules/sekoiaio_apt_muddywater_powgoop_decode_loop.yar
+++ b/yara_rules/apt_muddywater_powgoop_decode_loop.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_muddywater_powgoop_decode_loop {
+rule apt_muddywater_powgoop_decode_loop {
 meta:
 id = "644ed1c4-e0e1-496e-9efc-7d9e15565f7b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_muddywater_powgoop_decoded.yar b/yara_rules/apt_muddywater_powgoop_decoded.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_muddywater_powgoop_decoded.yar
rename to yara_rules/apt_muddywater_powgoop_decoded.yar
index a2232d8..8b7299b 100644
--- a/yara_rules/sekoiaio_apt_muddywater_powgoop_decoded.yar
+++ b/yara_rules/apt_muddywater_powgoop_decoded.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_muddywater_powgoop_decoded {
+rule apt_muddywater_powgoop_decoded {
 meta:
 id = "194cb9ef-da96-42b6-a3b5-b0aee7495f2c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_muddywater_powgoop_loader.yar b/yara_rules/apt_muddywater_powgoop_loader.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_muddywater_powgoop_loader.yar
rename to yara_rules/apt_muddywater_powgoop_loader.yar
index 8dafdf9..8db2d0f 100644
--- a/yara_rules/sekoiaio_apt_muddywater_powgoop_loader.yar
+++ b/yara_rules/apt_muddywater_powgoop_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_muddywater_powgoop_loader {
+rule apt_muddywater_powgoop_loader {
 meta:
 id = "716b45e1-9f17-4546-a003-a7c78340d623"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_muddywater_rotrot_strings.yar b/yara_rules/apt_muddywater_rotrot_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_muddywater_rotrot_strings.yar
rename to yara_rules/apt_muddywater_rotrot_strings.yar
index 7a6cbda..0bd07a1 100644
--- a/yara_rules/sekoiaio_apt_muddywater_rotrot_strings.yar
+++ b/yara_rules/apt_muddywater_rotrot_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_muddywater_rotrot_strings {
+rule apt_muddywater_rotrot_strings {
 meta:
 id = "f7bc195a-0e60-4495-b78a-78f101543700"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustang_panda_nupakage.yar b/yara_rules/apt_mustang_panda_nupakage.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_mustang_panda_nupakage.yar
rename to yara_rules/apt_mustang_panda_nupakage.yar
index 71f3992..bbbba52 100644
--- a/yara_rules/sekoiaio_apt_mustang_panda_nupakage.yar
+++ b/yara_rules/apt_mustang_panda_nupakage.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustang_panda_nupakage {
+rule apt_mustang_panda_nupakage {
 meta:
 id = "bd62c220-addc-48e9-bd01-2eff687ac3ce"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustang_panda_toneins.yar b/yara_rules/apt_mustang_panda_toneins.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_mustang_panda_toneins.yar
rename to yara_rules/apt_mustang_panda_toneins.yar
index cf35237..bfcde33 100644
--- a/yara_rules/sekoiaio_apt_mustang_panda_toneins.yar
+++ b/yara_rules/apt_mustang_panda_toneins.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_apt_mustang_panda_toneins { +rule apt_mustang_panda_toneins { meta: id = "f178217a-ff28-4dd7-9395-f19f3e2e934c" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_mustang_panda_toneshell.yar b/yara_rules/apt_mustang_panda_toneshell.yar similarity index 98% rename from yara_rules/sekoiaio_apt_mustang_panda_toneshell.yar rename to yara_rules/apt_mustang_panda_toneshell.yar index 8dacaff..7a85ae1 100644 --- a/yara_rules/sekoiaio_apt_mustang_panda_toneshell.yar +++ b/yara_rules/apt_mustang_panda_toneshell.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_apt_mustang_panda_toneshell { +rule apt_mustang_panda_toneshell { meta: id = "bf7c68a9-dddc-494a-a603-c2311ed712a4" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_mustangpanda_coolclient.yar b/yara_rules/apt_mustangpanda_coolclient.yar similarity index 92% rename from yara_rules/sekoiaio_apt_mustangpanda_coolclient.yar rename to yara_rules/apt_mustangpanda_coolclient.yar index c70a38d..cfb560f 100644 --- a/yara_rules/sekoiaio_apt_mustangpanda_coolclient.yar +++ b/yara_rules/apt_mustangpanda_coolclient.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_mustangpanda_coolclient { +rule apt_mustangpanda_coolclient { meta: id = "2f8fdb66-03a2-400f-808b-56ae1b276d2f" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_mustangpanda_decrypt_payload.yar b/yara_rules/apt_mustangpanda_decrypt_payload.yar similarity index 91% rename from yara_rules/sekoiaio_apt_mustangpanda_decrypt_payload.yar rename to yara_rules/apt_mustangpanda_decrypt_payload.yar index d1c99ba..06d80fc 100644 --- a/yara_rules/sekoiaio_apt_mustangpanda_decrypt_payload.yar +++ b/yara_rules/apt_mustangpanda_decrypt_payload.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_mustangpanda_decrypt_payload { +rule apt_mustangpanda_decrypt_payload { meta: id = "7b954007-0929-454d-8a10-05279a337f1b" version = "1.0" 
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_downloader.yar b/yara_rules/apt_mustangpanda_downloader.yar similarity index 91% rename from yara_rules/sekoiaio_apt_mustangpanda_downloader.yar rename to yara_rules/apt_mustangpanda_downloader.yar index 45919d7..9aad441 100644 --- a/yara_rules/sekoiaio_apt_mustangpanda_downloader.yar +++ b/yara_rules/apt_mustangpanda_downloader.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_mustangpanda_downloader { +rule apt_mustangpanda_downloader { meta: id = "54850ffd-f93b-4082-b3ca-8e1d60b35422" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_mustangpanda_malicious_lnk_worm.yar b/yara_rules/apt_mustangpanda_malicious_lnk_worm.yar similarity index 88% rename from yara_rules/sekoiaio_apt_mustangpanda_malicious_lnk_worm.yar rename to yara_rules/apt_mustangpanda_malicious_lnk_worm.yar index fe4bba0..d1d3875 100644 --- a/yara_rules/sekoiaio_apt_mustangpanda_malicious_lnk_worm.yar +++ b/yara_rules/apt_mustangpanda_malicious_lnk_worm.yar @@ -1,4 +1,4 @@ -rule sekoiaio_apt_mustangpanda_malicious_lnk_worm { +rule apt_mustangpanda_malicious_lnk_worm { meta: id = "e7cc5ecc-2369-49ff-9e35-c9faeb69acda" version = "1.0" diff --git a/yara_rules/sekoiaio_apt_mustangpanda_maliciousdll_loading_plugx_strings.yar b/yara_rules/apt_mustangpanda_maliciousdll_loading_plugx_strings.yar similarity index 90% rename from yara_rules/sekoiaio_apt_mustangpanda_maliciousdll_loading_plugx_strings.yar rename to yara_rules/apt_mustangpanda_maliciousdll_loading_plugx_strings.yar index 443da94..bca666d 100644 --- a/yara_rules/sekoiaio_apt_mustangpanda_maliciousdll_loading_plugx_strings.yar +++ b/yara_rules/apt_mustangpanda_maliciousdll_loading_plugx_strings.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_apt_mustangpanda_maliciousdll_loading_plugx_strings { +rule apt_mustangpanda_maliciousdll_loading_plugx_strings { meta: id = "2296ac6e-63f5-4cff-aeb7-2c5205e6f559" version = "1.0" 
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_mqsttang_qmagent.yar b/yara_rules/apt_mustangpanda_mqsttang_qmagent.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_mustangpanda_mqsttang_qmagent.yar
rename to yara_rules/apt_mustangpanda_mqsttang_qmagent.yar
index 1a392ff..68bb9a4 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_mqsttang_qmagent.yar
+++ b/yara_rules/apt_mustangpanda_mqsttang_qmagent.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_mqsttang_qmagent {
+rule apt_mustangpanda_mqsttang_qmagent {
 meta:
 id = "bcf6f961-0d9b-4fbc-81d2-f5d00c68d4d5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_payload.yar b/yara_rules/apt_mustangpanda_payload.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_mustangpanda_payload.yar
rename to yara_rules/apt_mustangpanda_payload.yar
index 91c1919..6368ca3 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_payload.yar
+++ b/yara_rules/apt_mustangpanda_payload.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_payload {
+rule apt_mustangpanda_payload {
 meta:
 id = "ce7ddf20-e13f-4b5f-8fff-4b1387b29568"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_tinynote.yar b/yara_rules/apt_mustangpanda_tinynote.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_mustangpanda_tinynote.yar
rename to yara_rules/apt_mustangpanda_tinynote.yar
index 0c4361f..a373bec 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_tinynote.yar
+++ b/yara_rules/apt_mustangpanda_tinynote.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_tinynote {
+rule apt_mustangpanda_tinynote {
 meta:
 id = "a2b9bea4-a211-456f-8a3f-0f31733e8b29"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_tonedrop.yar b/yara_rules/apt_mustangpanda_tonedrop.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_mustangpanda_tonedrop.yar
rename to yara_rules/apt_mustangpanda_tonedrop.yar
index 89c8627..c6d1264 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_tonedrop.yar
+++ b/yara_rules/apt_mustangpanda_tonedrop.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_tonedrop {
+rule apt_mustangpanda_tonedrop {
 meta:
 id = "39df631c-5766-4804-838f-6c9b800c0cc9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_windows_remoteshell.yar b/yara_rules/apt_mustangpanda_windows_remoteshell.yar
similarity index 98%
rename from yara_rules/sekoiaio_apt_mustangpanda_windows_remoteshell.yar
rename to yara_rules/apt_mustangpanda_windows_remoteshell.yar
index 2118da9..8434f94 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_windows_remoteshell.yar
+++ b/yara_rules/apt_mustangpanda_windows_remoteshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_windows_remoteshell {
+rule apt_mustangpanda_windows_remoteshell {
 meta:
 id = "cffdd11e-9700-462e-a965-f9f51db63f0b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar b/yara_rules/apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar
rename to yara_rules/apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar
index b2bdb18..4c9f933 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar
+++ b/yara_rules/apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_windows_shellcode_decryptionalgorithm {
+rule apt_mustangpanda_windows_shellcode_decryptionalgorithm {
 meta:
 id = "c9873a5f-97a6-477f-a1a0-650441c73444"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_xoreddll.yar b/yara_rules/apt_mustangpanda_xoreddll.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_mustangpanda_xoreddll.yar
rename to yara_rules/apt_mustangpanda_xoreddll.yar
index 1178fc5..7ed11f7 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_xoreddll.yar
+++ b/yara_rules/apt_mustangpanda_xoreddll.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_xoreddll {
+rule apt_mustangpanda_xoreddll {
 meta:
 id = "73d13624-01df-41ab-b449-86db43dc6c55"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_mustangpanda_zpakage.yar b/yara_rules/apt_mustangpanda_zpakage.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_mustangpanda_zpakage.yar
rename to yara_rules/apt_mustangpanda_zpakage.yar
index 6b948ce..4f8f16c 100644
--- a/yara_rules/sekoiaio_apt_mustangpanda_zpakage.yar
+++ b/yara_rules/apt_mustangpanda_zpakage.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_mustangpanda_zpakage {
+rule apt_mustangpanda_zpakage {
 meta:
 id = "a4767d12-5058-4a26-be62-0cec685917bd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_nobelium_acrobox_downloader_apr2022.yar b/yara_rules/apt_nobelium_acrobox_downloader_apr2022.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_nobelium_acrobox_downloader_apr2022.yar
rename to yara_rules/apt_nobelium_acrobox_downloader_apr2022.yar
index 6354719..85a9324 100644
--- a/yara_rules/sekoiaio_apt_nobelium_acrobox_downloader_apr2022.yar
+++ b/yara_rules/apt_nobelium_acrobox_downloader_apr2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_nobelium_acrobox_downloader_apr2022 {
+rule apt_nobelium_acrobox_downloader_apr2022 {
 meta:
 id = "77f7f01d-72a2-4b13-b23f-d938a415dd40"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_nobelium_nativezone_gen.yar b/yara_rules/apt_nobelium_nativezone_gen.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_nobelium_nativezone_gen.yar
rename to yara_rules/apt_nobelium_nativezone_gen.yar
index d51184b..5cc42d0 100644
--- a/yara_rules/sekoiaio_apt_nobelium_nativezone_gen.yar
+++ b/yara_rules/apt_nobelium_nativezone_gen.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_apt_nobelium_nativezone_gen {
+rule apt_nobelium_nativezone_gen {
 meta:
 id = "e16cac97-38dd-4145-95f5-cf641940a19b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_clipog_strings.yar b/yara_rules/apt_oilrig_clipog_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_oilrig_clipog_strings.yar
rename to yara_rules/apt_oilrig_clipog_strings.yar
index 61ce289..b05f2bf 100644
--- a/yara_rules/sekoiaio_apt_oilrig_clipog_strings.yar
+++ b/yara_rules/apt_oilrig_clipog_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_clipog_strings {
+rule apt_oilrig_clipog_strings {
 meta:
 id = "0ac40fd9-f67d-41fa-a774-77a3a1b7cac3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_maliciousdocument_may2022.yar b/yara_rules/apt_oilrig_maliciousdocument_may2022.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_oilrig_maliciousdocument_may2022.yar
rename to yara_rules/apt_oilrig_maliciousdocument_may2022.yar
index 9d93b05..e5c0645 100644
--- a/yara_rules/sekoiaio_apt_oilrig_maliciousdocument_may2022.yar
+++ b/yara_rules/apt_oilrig_maliciousdocument_may2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_maliciousdocument_may2022 {
+rule apt_oilrig_maliciousdocument_may2022 {
 meta:
 id = "cb4ab310-e24c-4edc-8804-0c49c30124fb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_odagent_strings.yar b/yara_rules/apt_oilrig_odagent_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_oilrig_odagent_strings.yar
rename to yara_rules/apt_oilrig_odagent_strings.yar
index 28f8c10..317b51c 100644
--- a/yara_rules/sekoiaio_apt_oilrig_odagent_strings.yar
+++ b/yara_rules/apt_oilrig_odagent_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_odagent_strings {
+rule apt_oilrig_odagent_strings {
 meta:
 id = "1c5c0eb5-7c6f-4a34-b2e2-4a7c6d7030d6"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_oilbooster_strings.yar b/yara_rules/apt_oilrig_oilbooster_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_oilrig_oilbooster_strings.yar
rename to yara_rules/apt_oilrig_oilbooster_strings.yar
index e228b57..4350ba9 100644
--- a/yara_rules/sekoiaio_apt_oilrig_oilbooster_strings.yar
+++ b/yara_rules/apt_oilrig_oilbooster_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_oilbooster_strings {
+rule apt_oilrig_oilbooster_strings {
 meta:
 id = "001d12bc-1e7e-4a6c-9172-66687d08d827"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_powerexchange.yar b/yara_rules/apt_oilrig_powerexchange.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_oilrig_powerexchange.yar
rename to yara_rules/apt_oilrig_powerexchange.yar
index 4616345..bc37a0f 100644
--- a/yara_rules/sekoiaio_apt_oilrig_powerexchange.yar
+++ b/yara_rules/apt_oilrig_powerexchange.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_powerexchange {
+rule apt_oilrig_powerexchange {
 meta:
 id = "cb6b370f-7b05-480b-865e-ac81ded4a2a4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022.yar b/yara_rules/apt_oilrig_saitama_backdoor_may2022.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022.yar
rename to yara_rules/apt_oilrig_saitama_backdoor_may2022.yar
index bc25924..1632601 100644
--- a/yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022.yar
+++ b/yara_rules/apt_oilrig_saitama_backdoor_may2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_saitama_backdoor_may2022 {
+rule apt_oilrig_saitama_backdoor_may2022 {
 meta:
 id = "4ea8c27f-c441-4616-a29b-2b5dfdd3bd20"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022_2.yar b/yara_rules/apt_oilrig_saitama_backdoor_may2022_2.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022_2.yar
rename to yara_rules/apt_oilrig_saitama_backdoor_may2022_2.yar
index b638fb2..63df961 100644
--- a/yara_rules/sekoiaio_apt_oilrig_saitama_backdoor_may2022_2.yar
+++ b/yara_rules/apt_oilrig_saitama_backdoor_may2022_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_saitama_backdoor_may2022_2 {
+rule apt_oilrig_saitama_backdoor_may2022_2 {
 meta:
 id = "f885551a-d0f0-431d-aa4f-7caa93b1db6a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_sc5kv3_strings.yar b/yara_rules/apt_oilrig_sc5kv3_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_oilrig_sc5kv3_strings.yar
rename to yara_rules/apt_oilrig_sc5kv3_strings.yar
index 9b419b6..251fdfd 100644
--- a/yara_rules/sekoiaio_apt_oilrig_sc5kv3_strings.yar
+++ b/yara_rules/apt_oilrig_sc5kv3_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_sc5kv3_strings {
+rule apt_oilrig_sc5kv3_strings {
 meta:
 id = "885ea13b-47b0-4a6d-8136-9b31abc9064a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_oilrig_webshell.yar b/yara_rules/apt_oilrig_webshell.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_oilrig_webshell.yar
rename to yara_rules/apt_oilrig_webshell.yar
index 66df5c0..868597f 100644
--- a/yara_rules/sekoiaio_apt_oilrig_webshell.yar
+++ b/yara_rules/apt_oilrig_webshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_oilrig_webshell {
+rule apt_oilrig_webshell {
 meta:
 id = "53955117-5176-4682-89ad-1503faba42aa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_polonium_deepcreep_strings.yar b/yara_rules/apt_polonium_deepcreep_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_polonium_deepcreep_strings.yar
rename to yara_rules/apt_polonium_deepcreep_strings.yar
index dee0435..ba2a890 100644
--- a/yara_rules/sekoiaio_apt_polonium_deepcreep_strings.yar
+++ b/yara_rules/apt_polonium_deepcreep_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_polonium_deepcreep_strings {
+rule apt_polonium_deepcreep_strings {
 meta:
 id = "b04af229-2bea-4ee8-9e17-8e4befa06e3a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_polonium_megacreep_strings.yar b/yara_rules/apt_polonium_megacreep_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_polonium_megacreep_strings.yar
rename to yara_rules/apt_polonium_megacreep_strings.yar
index da5624e..464fb32 100644
--- a/yara_rules/sekoiaio_apt_polonium_megacreep_strings.yar
+++ b/yara_rules/apt_polonium_megacreep_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_polonium_megacreep_strings {
+rule apt_polonium_megacreep_strings {
 meta:
 id = "927c5fd6-0574-43bf-8db9-6ecc328estrin56c7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_polonium_powershell_creepydrive_strings.yar b/yara_rules/apt_polonium_powershell_creepydrive_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_polonium_powershell_creepydrive_strings.yar
rename to yara_rules/apt_polonium_powershell_creepydrive_strings.yar
index 93a246c..2cfe2f6 100644
--- a/yara_rules/sekoiaio_apt_polonium_powershell_creepydrive_strings.yar
+++ b/yara_rules/apt_polonium_powershell_creepydrive_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_polonium_powershell_creepydrive_strings {
+rule apt_polonium_powershell_creepydrive_strings {
 meta:
 id = "0ba196bd-9cd6-4553-b7bf-69989cdb8be4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_polonium_technocreep_strings.yar b/yara_rules/apt_polonium_technocreep_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_polonium_technocreep_strings.yar
rename to yara_rules/apt_polonium_technocreep_strings.yar
index b6234bc..014327a 100644
--- a/yara_rules/sekoiaio_apt_polonium_technocreep_strings.yar
+++ b/yara_rules/apt_polonium_technocreep_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_polonium_technocreep_strings {
+rule apt_polonium_technocreep_strings {
 meta:
 id = "dad79df3-b081-458e-9c14-1d5e2b43ba91"
 version = "1.1"
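Review bot: The `id` carried as context in the `apt_polonium_megacreep_strings` hunk, `927c5fd6-0574-43bf-8db9-6ecc328estrin56c7`, is not a well-formed UUID: its last group is 17 characters long and contains the non-hex run `estrin`, unlike every other rule id in this patch. The commit leaves it as it was, but once the rule name changes, `meta.id` is presumably the only stable key left for this detection, so tooling that parses or deduplicates on it may reject or mis-index the rule. I would fix it in the same change by replacing the value with a freshly generated UUID, e.g. `id = "<NEW-UUID-PLACEHOLDER>"`, and bumping `version` so consumers can see the metadata changed. The rule body continues outside the hunk.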
diff --git a/yara_rules/sekoiaio_apt_qnapworm_loader_may2022.yar b/yara_rules/apt_qnapworm_loader_may2022.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_qnapworm_loader_may2022.yar
rename to yara_rules/apt_qnapworm_loader_may2022.yar
index a4f148a..8500a50 100644
--- a/yara_rules/sekoiaio_apt_qnapworm_loader_may2022.yar
+++ b/yara_rules/apt_qnapworm_loader_may2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_qnapworm_loader_may2022 {
+rule apt_qnapworm_loader_may2022 {
 meta:
 id = "c6e87a55-73ea-4df4-ab61-b5d34968d741"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_queueseed.yar b/yara_rules/apt_queueseed.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_queueseed.yar
rename to yara_rules/apt_queueseed.yar
index da3deb8..fc54f71 100644
--- a/yara_rules/sekoiaio_apt_queueseed.yar
+++ b/yara_rules/apt_queueseed.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_queueseed {
+rule apt_queueseed {
 meta:
 id = "35f7ffd5-4f6f-4b31-8d60-c713a15d14e8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_reaper_2fa_phishing_webpage.yar b/yara_rules/apt_reaper_2fa_phishing_webpage.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_reaper_2fa_phishing_webpage.yar
rename to yara_rules/apt_reaper_2fa_phishing_webpage.yar
index 2196465..cc5ed12 100644
--- a/yara_rules/sekoiaio_apt_reaper_2fa_phishing_webpage.yar
+++ b/yara_rules/apt_reaper_2fa_phishing_webpage.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_reaper_2fa_phishing_webpage {
+rule apt_reaper_2fa_phishing_webpage {
 meta:
 id = "348ca2ad-c8f9-4aed-8a27-95caa3a34f4b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_reaper_malicious_lnk.yar b/yara_rules/apt_reaper_malicious_lnk.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_reaper_malicious_lnk.yar
rename to yara_rules/apt_reaper_malicious_lnk.yar
index 71ba2a3..366d5f9 100644
--- a/yara_rules/sekoiaio_apt_reaper_malicious_lnk.yar
+++ b/yara_rules/apt_reaper_malicious_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_reaper_malicious_lnk {
+rule apt_reaper_malicious_lnk {
 meta:
 id = "8f055d1b-5727-4d77-9671-cdbb1ea69d5f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_redhotel_maliciouslnk_strings.yar b/yara_rules/apt_redhotel_maliciouslnk_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_redhotel_maliciouslnk_strings.yar
rename to yara_rules/apt_redhotel_maliciouslnk_strings.yar
index 360428c..1f1904f 100644
--- a/yara_rules/sekoiaio_apt_redhotel_maliciouslnk_strings.yar
+++ b/yara_rules/apt_redhotel_maliciouslnk_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_redhotel_maliciouslnk_strings {
+rule apt_redhotel_maliciouslnk_strings {
 meta:
 id = "df2f0002-7921-4378-a936-ea0de5fbfa5a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_rusticweb_stealer.yar b/yara_rules/apt_rusticweb_stealer.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_rusticweb_stealer.yar
rename to yara_rules/apt_rusticweb_stealer.yar
index cc821b2..6fd6df3 100644
--- a/yara_rules/sekoiaio_apt_rusticweb_stealer.yar
+++ b/yara_rules/apt_rusticweb_stealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_rusticweb_stealer {
+rule apt_rusticweb_stealer {
 meta:
 id = "813072e0-28de-4cb7-b2cc-71d77a1e8508"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_awfulshred_obfuscation_apr2022.yar b/yara_rules/apt_sandworm_awfulshred_obfuscation_apr2022.yar
similarity index 87%
rename from yara_rules/sekoiaio_apt_sandworm_awfulshred_obfuscation_apr2022.yar
rename to yara_rules/apt_sandworm_awfulshred_obfuscation_apr2022.yar
index 1039422..7769143 100644
--- a/yara_rules/sekoiaio_apt_sandworm_awfulshred_obfuscation_apr2022.yar
+++ b/yara_rules/apt_sandworm_awfulshred_obfuscation_apr2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_awfulshred_obfuscation_apr2022 {
+rule apt_sandworm_awfulshred_obfuscation_apr2022 {
 meta:
 id = "52317e6b-7f2c-4c2a-bcfc-ebb4ab4c728e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_caddywiper_stacked_strings.yar b/yara_rules/apt_sandworm_caddywiper_stacked_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_sandworm_caddywiper_stacked_strings.yar
rename to yara_rules/apt_sandworm_caddywiper_stacked_strings.yar
index 00f88c1..8f9824f 100644
--- a/yara_rules/sekoiaio_apt_sandworm_caddywiper_stacked_strings.yar
+++ b/yara_rules/apt_sandworm_caddywiper_stacked_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_caddywiper_stacked_strings {
+rule apt_sandworm_caddywiper_stacked_strings {
 meta:
 id = "7750c4b6-5781-4b1c-8200-cbce9f18aa56"
 version = "2.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_notpetya_strings.yar b/yara_rules/apt_sandworm_notpetya_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sandworm_notpetya_strings.yar
rename to yara_rules/apt_sandworm_notpetya_strings.yar
index aeec89e..dc5f62c 100644
--- a/yara_rules/sekoiaio_apt_sandworm_notpetya_strings.yar
+++ b/yara_rules/apt_sandworm_notpetya_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_notpetya_strings {
+rule apt_sandworm_notpetya_strings {
 meta:
 id = "c6021638-1b59-4d20-a29d-95cabf256a28"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_olympicdestroyer.yar b/yara_rules/apt_sandworm_olympicdestroyer.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sandworm_olympicdestroyer.yar
rename to yara_rules/apt_sandworm_olympicdestroyer.yar
index 94eb960..a24d620 100644
--- a/yara_rules/sekoiaio_apt_sandworm_olympicdestroyer.yar
+++ b/yara_rules/apt_sandworm_olympicdestroyer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_olympicdestroyer {
+rule apt_sandworm_olympicdestroyer {
 meta:
 id = "6820eb32-fea2-4a00-a5a2-672ba09f8206"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_orcshred_apr2022.yar b/yara_rules/apt_sandworm_orcshred_apr2022.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_sandworm_orcshred_apr2022.yar
rename to yara_rules/apt_sandworm_orcshred_apr2022.yar
index 7a51f3d..1af6081 100644
--- a/yara_rules/sekoiaio_apt_sandworm_orcshred_apr2022.yar
+++ b/yara_rules/apt_sandworm_orcshred_apr2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_orcshred_apr2022 {
+rule apt_sandworm_orcshred_apr2022 {
 meta:
 id = "1a88800c-29e1-4e2c-8374-f5a93dd9fd91"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sandworm_powergap_apr2022.yar b/yara_rules/apt_sandworm_powergap_apr2022.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sandworm_powergap_apr2022.yar
rename to yara_rules/apt_sandworm_powergap_apr2022.yar
index 7c9b6d7..130b0b1 100644
--- a/yara_rules/sekoiaio_apt_sandworm_powergap_apr2022.yar
+++ b/yara_rules/apt_sandworm_powergap_apr2022.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sandworm_powergap_apr2022 {
+rule apt_sandworm_powergap_apr2022 {
 meta:
 id = "2a1c7f02-92b3-45b8-a710-253b1a28fe85"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_scanbox_framework_not_obfuscated.yar b/yara_rules/apt_scanbox_framework_not_obfuscated.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_scanbox_framework_not_obfuscated.yar
rename to yara_rules/apt_scanbox_framework_not_obfuscated.yar
index 319b555..77cd8d7 100644
--- a/yara_rules/sekoiaio_apt_scanbox_framework_not_obfuscated.yar
+++ b/yara_rules/apt_scanbox_framework_not_obfuscated.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_scanbox_framework_not_obfuscated {
+rule apt_scanbox_framework_not_obfuscated {
 meta:
 id = "4790f122-89de-4f7b-a25f-9ac7b1af8333"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_scanbox_obfuscated_versions.yar b/yara_rules/apt_scanbox_obfuscated_versions.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_scanbox_obfuscated_versions.yar
rename to yara_rules/apt_scanbox_obfuscated_versions.yar
index 86bd52d..97f5dcc 100644
--- a/yara_rules/sekoiaio_apt_scanbox_obfuscated_versions.yar
+++ b/yara_rules/apt_scanbox_obfuscated_versions.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_scanbox_obfuscated_versions {
+rule apt_scanbox_obfuscated_versions {
 meta:
 id = "2866cead-7f16-4895-80ef-aad6fb66e864"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_shadowpad_first_called_function.yar b/yara_rules/apt_shadowpad_first_called_function.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_shadowpad_first_called_function.yar
rename to yara_rules/apt_shadowpad_first_called_function.yar
index c196559..2b8161c 100644
--- a/yara_rules/sekoiaio_apt_shadowpad_first_called_function.yar
+++ b/yara_rules/apt_shadowpad_first_called_function.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_shadowpad_first_called_function {
+rule apt_shadowpad_first_called_function {
 meta:
 id = "3ce1ffd3-5c30-4b36-b7cc-c9fa873ebc25"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sidecopy_actionrat_packer_strings.yar b/yara_rules/apt_sidecopy_actionrat_packer_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_sidecopy_actionrat_packer_strings.yar
rename to yara_rules/apt_sidecopy_actionrat_packer_strings.yar
index 3ae4b4b..2b79515 100644
--- a/yara_rules/sekoiaio_apt_sidecopy_actionrat_packer_strings.yar
+++ b/yara_rules/apt_sidecopy_actionrat_packer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sidecopy_actionrat_packer_strings {
+rule apt_sidecopy_actionrat_packer_strings {
 meta:
 id = "b9370bd5-12e1-448e-a5b1-2acc72adc4a7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sidecopy_cheex.yar b/yara_rules/apt_sidecopy_cheex.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_sidecopy_cheex.yar
rename to yara_rules/apt_sidecopy_cheex.yar
index 59a83bc..ea168e6 100644
--- a/yara_rules/sekoiaio_apt_sidecopy_cheex.yar
+++ b/yara_rules/apt_sidecopy_cheex.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sidecopy_cheex {
+rule apt_sidecopy_cheex {
 meta:
 id = "e9b57f15-e703-4367-b501-fa8a873e4455"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sidecopy_malicious_macro.yar b/yara_rules/apt_sidecopy_malicious_macro.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_sidecopy_malicious_macro.yar
rename to yara_rules/apt_sidecopy_malicious_macro.yar
index e7d8b7f..3f07e9d 100644
--- a/yara_rules/sekoiaio_apt_sidecopy_malicious_macro.yar
+++ b/yara_rules/apt_sidecopy_malicious_macro.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sidecopy_malicious_macro {
+rule apt_sidecopy_malicious_macro {
 meta:
 id = "4b90c33e-48d4-48b6-87a7-c35686e7e913"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sidecopy_reverserat_strings.yar b/yara_rules/apt_sidecopy_reverserat_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sidecopy_reverserat_strings.yar
rename to yara_rules/apt_sidecopy_reverserat_strings.yar
index 710956c..ccf87b5 100644
--- a/yara_rules/sekoiaio_apt_sidecopy_reverserat_strings.yar
+++ b/yara_rules/apt_sidecopy_reverserat_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sidecopy_reverserat_strings {
+rule apt_sidecopy_reverserat_strings {
 meta:
 id = "383397c9-fd4a-4255-a8f2-27683bdbb7f7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sofacy_graphitemalware_generic.yar b/yara_rules/apt_sofacy_graphitemalware_generic.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sofacy_graphitemalware_generic.yar
rename to yara_rules/apt_sofacy_graphitemalware_generic.yar
index 18afbcd..568a15f 100644
--- a/yara_rules/sekoiaio_apt_sofacy_graphitemalware_generic.yar
+++ b/yara_rules/apt_sofacy_graphitemalware_generic.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_apt_sofacy_graphitemalware_generic {
+rule apt_sofacy_graphitemalware_generic {
 meta:
 id = "6b51cfa3-4a7d-4c2a-9fd9-f129b8a18466"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_spikedwine_malicious_hta.yar b/yara_rules/apt_spikedwine_malicious_hta.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_spikedwine_malicious_hta.yar
rename to yara_rules/apt_spikedwine_malicious_hta.yar
index de36fee..96ceafb 100644
--- a/yara_rules/sekoiaio_apt_spikedwine_malicious_hta.yar
+++ b/yara_rules/apt_spikedwine_malicious_hta.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_spikedwine_malicious_hta {
+rule apt_spikedwine_malicious_hta {
 meta:
 id = "e4526142-d98a-bf35-9d2c-ca2e83638c4b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_spikedwine_wineloader.yar b/yara_rules/apt_spikedwine_wineloader.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_spikedwine_wineloader.yar
rename to yara_rules/apt_spikedwine_wineloader.yar
index 9bf4a37..66717e8 100644
--- a/yara_rules/sekoiaio_apt_spikedwine_wineloader.yar
+++ b/yara_rules/apt_spikedwine_wineloader.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_apt_spikedwine_wineloader {
+rule apt_spikedwine_wineloader {
 meta:
 id = "7a599076-cd9d-42c4-a83a-9a991ede19fb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_spynote_android_dex_strings.yar b/yara_rules/apt_spynote_android_dex_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_spynote_android_dex_strings.yar
rename to yara_rules/apt_spynote_android_dex_strings.yar
index 3ae0ac0..4d8caf5 100644
--- a/yara_rules/sekoiaio_apt_spynote_android_dex_strings.yar
+++ b/yara_rules/apt_spynote_android_dex_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_spynote_android_dex_strings {
+rule apt_spynote_android_dex_strings {
 meta:
 id = "87fb8b7a-bfac-4003-b618-50b4a7863928"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_stripedfly.yar b/yara_rules/apt_stripedfly.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_stripedfly.yar
rename to yara_rules/apt_stripedfly.yar
index 5a7fce7..31d040f 100644
--- a/yara_rules/sekoiaio_apt_stripedfly.yar
+++ b/yara_rules/apt_stripedfly.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_stripedfly {
+rule apt_stripedfly {
 meta:
 id = "81968d34-3247-4965-ba44-55747370c90e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sugardump_credentials_stealer_http.yar b/yara_rules/apt_sugardump_credentials_stealer_http.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_sugardump_credentials_stealer_http.yar
rename to yara_rules/apt_sugardump_credentials_stealer_http.yar
index dabd97a..d807d9a 100644
--- a/yara_rules/sekoiaio_apt_sugardump_credentials_stealer_http.yar
+++ b/yara_rules/apt_sugardump_credentials_stealer_http.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sugardump_credentials_stealer_http {
+rule apt_sugardump_credentials_stealer_http {
 meta:
 id = "47d01ba8-9fdd-42d5-9f10-115f982dc133"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sugardump_credentials_stealer_smtp.yar b/yara_rules/apt_sugardump_credentials_stealer_smtp.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_sugardump_credentials_stealer_smtp.yar
rename to yara_rules/apt_sugardump_credentials_stealer_smtp.yar
index 18fd744..b0e25cc 100644
--- a/yara_rules/sekoiaio_apt_sugardump_credentials_stealer_smtp.yar
+++ b/yara_rules/apt_sugardump_credentials_stealer_smtp.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sugardump_credentials_stealer_smtp {
+rule apt_sugardump_credentials_stealer_smtp {
 meta:
 id = "bf028ebc-bfaa-45b3-9a3f-8949a5efbb73"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_sugargh0stcampaign_malicious_lnk.yar b/yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_sugargh0stcampaign_malicious_lnk.yar
rename to yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar
index b5b215c..572e080 100644
--- a/yara_rules/sekoiaio_apt_sugargh0stcampaign_malicious_lnk.yar
+++ b/yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_sugargh0stcampaign_malicious_lnk {
+rule apt_sugargh0stcampaign_malicious_lnk {
 meta:
 id = "4297c150-d125-49b9-8850-fcedf5284ae9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_hatvibe.yar b/yara_rules/apt_susp_apt28_uac0063_hatvibe.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_susp_apt28_uac0063_hatvibe.yar
rename to yara_rules/apt_susp_apt28_uac0063_hatvibe.yar
index b74b373..61266c4 100644
--- a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_hatvibe.yar
+++ b/yara_rules/apt_susp_apt28_uac0063_hatvibe.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_apt28_uac0063_hatvibe {
+rule apt_susp_apt28_uac0063_hatvibe {
 meta:
 id = "c4e04671-e75f-40a4-a489-79c2ce91cf7a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_hta_loader.yar b/yara_rules/apt_susp_apt28_uac0063_hta_loader.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_susp_apt28_uac0063_hta_loader.yar
rename to yara_rules/apt_susp_apt28_uac0063_hta_loader.yar
index 11449c3..56d5ee0 100644
--- a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_hta_loader.yar
+++ b/yara_rules/apt_susp_apt28_uac0063_hta_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_apt28_uac0063_hta_loader {
+rule apt_susp_apt28_uac0063_hta_loader {
 meta:
 id = "8e1889c1-c6ac-4048-9d3a-99ccbbd5435f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc.yar b/yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc.yar
rename to yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar
index 4de04d5..d9b00e3 100644
--- a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc.yar
+++ b/yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_apt28_uac0063_malicious_doc {
+rule apt_susp_apt28_uac0063_malicious_doc {
 meta:
 id = "2b9d597a-a6cd-49df-8938-7103342a1d06"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar b/yara_rules/apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar
rename to yara_rules/apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar
index b0724c7..60b1b51 100644
--- a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar
+++ b/yara_rules/apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_apt28_uac0063_malicious_doc_settings_xml {
+rule apt_susp_apt28_uac0063_malicious_doc_settings_xml {
 meta:
 id = "fd104985-6441-4fb6-8cc1-30afa4a7797b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_vba.yar b/yara_rules/apt_susp_apt28_uac0063_malicious_doc_vba.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_vba.yar
rename to yara_rules/apt_susp_apt28_uac0063_malicious_doc_vba.yar
index 8ce3d5d..dc7afcd 100644
--- a/yara_rules/sekoiaio_apt_susp_apt28_uac0063_malicious_doc_vba.yar
+++ b/yara_rules/apt_susp_apt28_uac0063_malicious_doc_vba.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_apt28_uac0063_malicious_doc_vba {
+rule apt_susp_apt28_uac0063_malicious_doc_vba {
 meta:
 id = "58040dbd-09ae-4f9e-940d-3a522e7ccfbb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_susp_lazarus_dangerous_password.yar b/yara_rules/apt_susp_lazarus_dangerous_password.yar
similarity index 87%
rename from yara_rules/sekoiaio_apt_susp_lazarus_dangerous_password.yar
rename to yara_rules/apt_susp_lazarus_dangerous_password.yar
index 0fd3f73..514fee4 100644
--- a/yara_rules/sekoiaio_apt_susp_lazarus_dangerous_password.yar
+++ b/yara_rules/apt_susp_lazarus_dangerous_password.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_susp_lazarus_dangerous_password {
+rule apt_susp_lazarus_dangerous_password {
 meta:
 id = "726c8b92-7fbe-40f8-917a-cabd206028da"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_suspected_sandworm_sdelete_wiper.yar b/yara_rules/apt_suspected_sandworm_sdelete_wiper.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_suspected_sandworm_sdelete_wiper.yar
rename to yara_rules/apt_suspected_sandworm_sdelete_wiper.yar
index 2cd8058..792881c 100644
--- a/yara_rules/sekoiaio_apt_suspected_sandworm_sdelete_wiper.yar
+++ b/yara_rules/apt_suspected_sandworm_sdelete_wiper.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_suspected_sandworm_sdelete_wiper {
+rule apt_suspected_sandworm_sdelete_wiper {
 meta:
 id = "c1419b11-33e5-4280-b92a-039719cb17d3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ta410_driver_keylogger.yar b/yara_rules/apt_ta410_driver_keylogger.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_ta410_driver_keylogger.yar
rename to yara_rules/apt_ta410_driver_keylogger.yar
index 3aace37..2a8c96a 100644
--- a/yara_rules/sekoiaio_apt_ta410_driver_keylogger.yar
+++ b/yara_rules/apt_ta410_driver_keylogger.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ta410_driver_keylogger {
+rule apt_ta410_driver_keylogger {
 meta:
 id = "0cba1b3b-b93e-41e3-a7df-afd306e6b519"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ta410_flowcloud_loader.yar b/yara_rules/apt_ta410_flowcloud_loader.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_ta410_flowcloud_loader.yar
rename to yara_rules/apt_ta410_flowcloud_loader.yar
index 18f160b..ecb2e59 100644
--- a/yara_rules/sekoiaio_apt_ta410_flowcloud_loader.yar
+++ b/yara_rules/apt_ta410_flowcloud_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ta410_flowcloud_loader {
+rule apt_ta410_flowcloud_loader {
 meta:
 id = "0a11dfa0-5a59-477b-baf6-6a777d020860"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ta410_flowcloud_rtti.yar b/yara_rules/apt_ta410_flowcloud_rtti.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_ta410_flowcloud_rtti.yar
rename to yara_rules/apt_ta410_flowcloud_rtti.yar
index cd8b9bf..3c86831 100644
--- a/yara_rules/sekoiaio_apt_ta410_flowcloud_rtti.yar
+++ b/yara_rules/apt_ta410_flowcloud_rtti.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ta410_flowcloud_rtti {
+rule apt_ta410_flowcloud_rtti {
 meta:
 id = "c6a18c08-8b98-46d7-a6c3-dc171c7791ac"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_ta428_tmanger_strings.yar b/yara_rules/apt_ta428_tmanger_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_ta428_tmanger_strings.yar
rename to yara_rules/apt_ta428_tmanger_strings.yar
index 6fa1d1b..dcd83a1 100644
--- a/yara_rules/sekoiaio_apt_ta428_tmanger_strings.yar
+++ b/yara_rules/apt_ta428_tmanger_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_ta428_tmanger_strings {
+rule apt_ta428_tmanger_strings {
 meta:
 id = "f600404d-3f93-4e3f-bba7-9f519f67c6cb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_tealkurma_snappytcp_reverse_shell_strings.yar b/yara_rules/apt_tealkurma_snappytcp_reverse_shell_strings.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_tealkurma_snappytcp_reverse_shell_strings.yar
rename to yara_rules/apt_tealkurma_snappytcp_reverse_shell_strings.yar
index 81e24c9..59fe644 100644
--- a/yara_rules/sekoiaio_apt_tealkurma_snappytcp_reverse_shell_strings.yar
+++ b/yara_rules/apt_tealkurma_snappytcp_reverse_shell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_tealkurma_snappytcp_reverse_shell_strings {
+rule apt_tealkurma_snappytcp_reverse_shell_strings {
 meta:
 id = "e842825c-546c-475a-bc94-7e97aea4e9e0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_tealkurma_snappytcp_strings.yar b/yara_rules/apt_tealkurma_snappytcp_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_tealkurma_snappytcp_strings.yar
rename to yara_rules/apt_tealkurma_snappytcp_strings.yar
index 2199a98..e4898b0 100644
--- a/yara_rules/sekoiaio_apt_tealkurma_snappytcp_strings.yar
+++ b/yara_rules/apt_tealkurma_snappytcp_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_tealkurma_snappytcp_strings {
+rule apt_tealkurma_snappytcp_strings {
 meta:
 id = "6bbee6d6-f490-4550-bd61-a643f93a8788"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_toddycat_toddybox_strings.yar b/yara_rules/apt_toddycat_toddybox_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_toddycat_toddybox_strings.yar
rename to yara_rules/apt_toddycat_toddybox_strings.yar
index e06ad8e..ec974ee 100644
--- a/yara_rules/sekoiaio_apt_toddycat_toddybox_strings.yar
+++ b/yara_rules/apt_toddycat_toddybox_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_toddycat_toddybox_strings {
+rule apt_toddycat_toddybox_strings {
 meta:
 id = "fde3df24-ebd7-4327-998e-bddaa08835da"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_toddycat_tomberbil_strings.yar b/yara_rules/apt_toddycat_tomberbil_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_toddycat_tomberbil_strings.yar
rename to yara_rules/apt_toddycat_tomberbil_strings.yar
index 57f177e..988a853 100644
--- a/yara_rules/sekoiaio_apt_toddycat_tomberbil_strings.yar
+++ b/yara_rules/apt_toddycat_tomberbil_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_toddycat_tomberbil_strings {
+rule apt_toddycat_tomberbil_strings {
 meta:
 id = "b16f4d35-ea59-4439-8ddb-2c0415b97b9b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_toddycat_waexp_strings.yar b/yara_rules/apt_toddycat_waexp_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_toddycat_waexp_strings.yar
rename to yara_rules/apt_toddycat_waexp_strings.yar
index 8f8b81a..17703ed 100644
--- a/yara_rules/sekoiaio_apt_toddycat_waexp_strings.yar
+++ b/yara_rules/apt_toddycat_waexp_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_toddycat_waexp_strings {
+rule apt_toddycat_waexp_strings {
 meta:
 id = "1bbb3e81-14a9-4bda-b647-b6f5255e9a16"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_toneshell_loader.yar b/yara_rules/apt_toneshell_loader.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_toneshell_loader.yar
rename to yara_rules/apt_toneshell_loader.yar
index 00a032e..4d50cb3 100644
--- a/yara_rules/sekoiaio_apt_toneshell_loader.yar
+++ b/yara_rules/apt_toneshell_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_toneshell_loader {
+rule apt_toneshell_loader {
 meta:
 id = "b4bf284b-cab6-455e-a1c1-ad341d43bfdd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_toneshell_shellcode.yar b/yara_rules/apt_toneshell_shellcode.yar
similarity index 95%
rename from yara_rules/sekoiaio_apt_toneshell_shellcode.yar
rename to yara_rules/apt_toneshell_shellcode.yar
index 3448f2e..11aa693 100644
--- a/yara_rules/sekoiaio_apt_toneshell_shellcode.yar
+++ b/yara_rules/apt_toneshell_shellcode.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_toneshell_shellcode {
+rule apt_toneshell_shellcode {
 meta:
 id = "5ac8d2e9-dbeb-42f9-8343-1281510d4411"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_tortoiseshell_imaploader.yar b/yara_rules/apt_tortoiseshell_imaploader.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_tortoiseshell_imaploader.yar
rename to yara_rules/apt_tortoiseshell_imaploader.yar
index 7ba4c06..d0f7e4a 100644
--- a/yara_rules/sekoiaio_apt_tortoiseshell_imaploader.yar
+++ b/yara_rules/apt_tortoiseshell_imaploader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_tortoiseshell_imaploader {
+rule apt_tortoiseshell_imaploader {
 meta:
 id = "e1706b59-5c94-4fbf-8560-0022ca631d1d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_tortoiseshell_wateringhole_script.yar b/yara_rules/apt_tortoiseshell_wateringhole_script.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_tortoiseshell_wateringhole_script.yar
rename to yara_rules/apt_tortoiseshell_wateringhole_script.yar
index e0401cb..58c301d 100644
--- a/yara_rules/sekoiaio_apt_tortoiseshell_wateringhole_script.yar
+++ b/yara_rules/apt_tortoiseshell_wateringhole_script.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_tortoiseshell_wateringhole_script {
+rule apt_tortoiseshell_wateringhole_script {
 meta:
 id = "58c5ae66-fe09-497c-80bf-20feee4d95e7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_turla_comlook.yar b/yara_rules/apt_turla_comlook.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_turla_comlook.yar
rename to yara_rules/apt_turla_comlook.yar
index 465e7ef..441e8c9 100644
--- a/yara_rules/sekoiaio_apt_turla_comlook.yar
+++ b/yara_rules/apt_turla_comlook.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_turla_comlook {
+rule apt_turla_comlook {
 meta:
 id = "c3bf886b-f952-47f9-aff6-3cd74c27077d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_turla_kazuar_variant_2023.yar b/yara_rules/apt_turla_kazuar_variant_2023.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_turla_kazuar_variant_2023.yar
rename to yara_rules/apt_turla_kazuar_variant_2023.yar
index e7b4cac..d916be9 100644
--- a/yara_rules/sekoiaio_apt_turla_kazuar_variant_2023.yar
+++ b/yara_rules/apt_turla_kazuar_variant_2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_turla_kazuar_variant_2023 {
+rule apt_turla_kazuar_variant_2023 {
 meta:
 id = "51e9de6a-5d8a-4627-8063-b70f78e78726"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uac0099_lonepage.yar b/yara_rules/apt_uac0099_lonepage.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_uac0099_lonepage.yar
rename to yara_rules/apt_uac0099_lonepage.yar
index 2e373ea..28c1178 100644
--- a/yara_rules/sekoiaio_apt_uac0099_lonepage.yar
+++ b/yara_rules/apt_uac0099_lonepage.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uac0099_lonepage {
+rule apt_uac0099_lonepage {
 meta:
 id = "007f62f5-da5c-4df7-8b5c-5ed815ce6993"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uac0154_malicious_html_smuggling.yar b/yara_rules/apt_uac0154_malicious_html_smuggling.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_uac0154_malicious_html_smuggling.yar
rename to yara_rules/apt_uac0154_malicious_html_smuggling.yar
index 56facfd..a877a36 100644
--- a/yara_rules/sekoiaio_apt_uac0154_malicious_html_smuggling.yar
+++ b/yara_rules/apt_uac0154_malicious_html_smuggling.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uac0154_malicious_html_smuggling {
+rule apt_uac0154_malicious_html_smuggling {
 meta:
 id = "923d11e5-6332-456d-8aff-ae7fb76193a8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_1.yar b/yara_rules/apt_uac0154_powershell_infection_chain_1.yar
similarity index 88%
rename from yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_1.yar
rename to yara_rules/apt_uac0154_powershell_infection_chain_1.yar
index e61a4e6..d2e5f91 100644
--- a/yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_1.yar
+++ b/yara_rules/apt_uac0154_powershell_infection_chain_1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uac0154_powershell_infection_chain_1 {
+rule apt_uac0154_powershell_infection_chain_1 {
 meta:
 id = "428eb021-b37f-4db5-8cab-ca2f6dd2e202"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_2.yar b/yara_rules/apt_uac0154_powershell_infection_chain_2.yar
similarity index 89%
rename from yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_2.yar
rename to yara_rules/apt_uac0154_powershell_infection_chain_2.yar
index 7ba812d..832a2cf 100644
--- a/yara_rules/sekoiaio_apt_uac0154_powershell_infection_chain_2.yar
+++ b/yara_rules/apt_uac0154_powershell_infection_chain_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uac0154_powershell_infection_chain_2 {
+rule apt_uac0154_powershell_infection_chain_2 {
 meta:
 id = "6fe37d52-9bd3-4aa8-83ba-15399bd1b66c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unc3524_quietexit_strings.yar b/yara_rules/apt_unc3524_quietexit_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_unc3524_quietexit_strings.yar
rename to yara_rules/apt_unc3524_quietexit_strings.yar
index 3a7f6cd..8e763f5 100644
--- a/yara_rules/sekoiaio_apt_unc3524_quietexit_strings.yar
+++ b/yara_rules/apt_unc3524_quietexit_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unc3524_quietexit_strings {
+rule apt_unc3524_quietexit_strings {
 meta:
 id = "1bfa9baa-40a3-4ad7-83dc-f9340fbed180"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unc4990_emptyspace_pyc.yar b/yara_rules/apt_unc4990_emptyspace_pyc.yar
similarity index 96%
rename from yara_rules/sekoiaio_apt_unc4990_emptyspace_pyc.yar
rename to yara_rules/apt_unc4990_emptyspace_pyc.yar
index aa9e4a5..0ace5f7 100644
--- a/yara_rules/sekoiaio_apt_unc4990_emptyspace_pyc.yar
+++ b/yara_rules/apt_unc4990_emptyspace_pyc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unc4990_emptyspace_pyc {
+rule apt_unc4990_emptyspace_pyc {
 meta:
 id = "d970fd9c-1ce5-471c-96a1-146250f36b89"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unc4990_explorer_ps1.yar b/yara_rules/apt_unc4990_explorer_ps1.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_unc4990_explorer_ps1.yar
rename to yara_rules/apt_unc4990_explorer_ps1.yar
index 4f36d8e..63b0f20 100644
--- a/yara_rules/sekoiaio_apt_unc4990_explorer_ps1.yar
+++ b/yara_rules/apt_unc4990_explorer_ps1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unc4990_explorer_ps1 {
+rule apt_unc4990_explorer_ps1 {
 meta:
 id = "2e1abbbf-f9b7-4147-b7da-3544cbc4a5f1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unc4990_explorer_ps1_reverse_b64.yar b/yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_unc4990_explorer_ps1_reverse_b64.yar
rename to yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar
index 7315677..11d97a2 100644
--- a/yara_rules/sekoiaio_apt_unc4990_explorer_ps1_reverse_b64.yar
+++ b/yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unc4990_explorer_ps1_reverse_b64 {
+rule apt_unc4990_explorer_ps1_reverse_b64 {
 meta:
 id = "35c3ffb2-2ced-426c-ac3f-a8cd0c357672"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unk_batcopier_strings.yar b/yara_rules/apt_unk_batcopier_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_unk_batcopier_strings.yar
rename to yara_rules/apt_unk_batcopier_strings.yar
index 1cc29b9..015cb4e 100644
--- a/yara_rules/sekoiaio_apt_unk_batcopier_strings.yar
+++ b/yara_rules/apt_unk_batcopier_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unk_batcopier_strings {
+rule apt_unk_batcopier_strings {
 meta:
 id = "eb76bbd0-a722-4fec-a4a7-c48c70a1880b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unk_dex_china_freedom_trap_spyware.yar b/yara_rules/apt_unk_dex_china_freedom_trap_spyware.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_unk_dex_china_freedom_trap_spyware.yar
rename to yara_rules/apt_unk_dex_china_freedom_trap_spyware.yar
index dd0d364..bd54466 100644
--- a/yara_rules/sekoiaio_apt_unk_dex_china_freedom_trap_spyware.yar
+++ b/yara_rules/apt_unk_dex_china_freedom_trap_spyware.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unk_dex_china_freedom_trap_spyware {
+rule apt_unk_dex_china_freedom_trap_spyware {
 meta:
 id = "3d66b6b8-8397-441a-a337-4a282df39591"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unk_hrserv_memory_commands_strings.yar b/yara_rules/apt_unk_hrserv_memory_commands_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_apt_unk_hrserv_memory_commands_strings.yar
rename to yara_rules/apt_unk_hrserv_memory_commands_strings.yar
index 2d2099c..dc981d4 100644
--- a/yara_rules/sekoiaio_apt_unk_hrserv_memory_commands_strings.yar
+++ b/yara_rules/apt_unk_hrserv_memory_commands_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unk_hrserv_memory_commands_strings {
+rule apt_unk_hrserv_memory_commands_strings {
 meta:
 id = "1b5f442a-e758-4bd5-a612-8b504a542d29"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unk_hrserv_webshell_strings.yar b/yara_rules/apt_unk_hrserv_webshell_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_unk_hrserv_webshell_strings.yar
rename to yara_rules/apt_unk_hrserv_webshell_strings.yar
index ccfc64b..093c0f0 100644
--- a/yara_rules/sekoiaio_apt_unk_hrserv_webshell_strings.yar
+++ b/yara_rules/apt_unk_hrserv_webshell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unk_hrserv_webshell_strings {
+rule apt_unk_hrserv_webshell_strings {
 meta:
 id = "684fd41c-9ea6-4f4e-8db4-82325a2ff80b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unk_malicious_lnk.yar b/yara_rules/apt_unk_malicious_lnk.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_unk_malicious_lnk.yar
rename to yara_rules/apt_unk_malicious_lnk.yar
index 97cc140..9a49b6a 100644
--- a/yara_rules/sekoiaio_apt_unk_malicious_lnk.yar
+++ b/yara_rules/apt_unk_malicious_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unk_malicious_lnk {
+rule apt_unk_malicious_lnk {
 meta:
 id = "d2248803-7ddf-4cde-ab6a-78b20e760919"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_unknown_sessionmanageriis_strings.yar b/yara_rules/apt_unknown_sessionmanageriis_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_apt_unknown_sessionmanageriis_strings.yar
rename to yara_rules/apt_unknown_sessionmanageriis_strings.yar
index 86873c0..fb698e8 100644
--- a/yara_rules/sekoiaio_apt_unknown_sessionmanageriis_strings.yar
+++ b/yara_rules/apt_unknown_sessionmanageriis_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_unknown_sessionmanageriis_strings {
+rule apt_unknown_sessionmanageriis_strings {
 meta:
 id = "7d55dd82-509f-444d-a1ba-6417b51f392f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uta0178_javascript_inclusion_strings.yar b/yara_rules/apt_uta0178_javascript_inclusion_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_apt_uta0178_javascript_inclusion_strings.yar
rename to yara_rules/apt_uta0178_javascript_inclusion_strings.yar
index 52fcbbd..ccfb950 100644
--- a/yara_rules/sekoiaio_apt_uta0178_javascript_inclusion_strings.yar
+++ b/yara_rules/apt_uta0178_javascript_inclusion_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uta0178_javascript_inclusion_strings {
+rule apt_uta0178_javascript_inclusion_strings {
 meta:
 id = "af816c35-1f00-47ea-86ee-c034607c625e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_uta0218_upstyle_backdoor_strings.yar b/yara_rules/apt_uta0218_upstyle_backdoor_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_apt_uta0218_upstyle_backdoor_strings.yar
rename to yara_rules/apt_uta0218_upstyle_backdoor_strings.yar
index 5a96489..5ed392a 100644
--- a/yara_rules/sekoiaio_apt_uta0218_upstyle_backdoor_strings.yar
+++ b/yara_rules/apt_uta0218_upstyle_backdoor_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_uta0218_upstyle_backdoor_strings {
+rule apt_uta0218_upstyle_backdoor_strings {
 meta:
 id = "098fbad7-efaf-4198-83de-208c2ae16f89"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_win_disabledefender.yar b/yara_rules/apt_win_disabledefender.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_win_disabledefender.yar
rename to yara_rules/apt_win_disabledefender.yar
index 458cd14..539e1e3 100644
--- a/yara_rules/sekoiaio_apt_win_disabledefender.yar
+++ b/yara_rules/apt_win_disabledefender.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_apt_win_disabledefender {
+rule apt_win_disabledefender {
 meta:
 id = "a7b124ab-4c9d-47c0-a59e-211cc713b9b3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_windows_wip19_screencap.yar b/yara_rules/apt_windows_wip19_screencap.yar
similarity index 93%
rename from yara_rules/sekoiaio_apt_windows_wip19_screencap.yar
rename to yara_rules/apt_windows_wip19_screencap.yar
index 52bb5c7..39c710b 100644
--- a/yara_rules/sekoiaio_apt_windows_wip19_screencap.yar
+++ b/yara_rules/apt_windows_wip19_screencap.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_apt_windows_wip19_screencap {
+rule apt_windows_wip19_screencap {
 meta:
 id = "ebf5d2c5-81c9-45c3-aa61-05870f800f6b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_apt_yemen_apk_guardzoo.yar b/yara_rules/apt_yemen_apk_guardzoo.yar
similarity index 97%
rename from yara_rules/sekoiaio_apt_yemen_apk_guardzoo.yar
rename to yara_rules/apt_yemen_apk_guardzoo.yar
index 0688027..dfbc56e 100644
--- a/yara_rules/sekoiaio_apt_yemen_apk_guardzoo.yar
+++ b/yara_rules/apt_yemen_apk_guardzoo.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_apt_yemen_apk_guardzoo {
+rule apt_yemen_apk_guardzoo {
 meta:
 id = "f4004e7c-2904-46ea-a3e6-2bdd3e704fea"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_blueshell.yar b/yara_rules/backdoor_blueshell.yar
similarity index 94%
rename from yara_rules/sekoiaio_backdoor_blueshell.yar
rename to yara_rules/backdoor_blueshell.yar
index 79b99b0..9f20439 100644
--- a/yara_rules/sekoiaio_backdoor_blueshell.yar
+++ b/yara_rules/backdoor_blueshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_blueshell {
+rule backdoor_blueshell {
 meta:
 id = "8f1cd966-c4d8-44f9-8cd5-4f5277332546"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_lin_bifrost.yar b/yara_rules/backdoor_lin_bifrost.yar
similarity index 95%
rename from yara_rules/sekoiaio_backdoor_lin_bifrost.yar
rename to yara_rules/backdoor_lin_bifrost.yar
index f4d134c..d57d817 100644
--- a/yara_rules/sekoiaio_backdoor_lin_bifrost.yar
+++ b/yara_rules/backdoor_lin_bifrost.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_lin_bifrost {
+rule backdoor_lin_bifrost {
 meta:
 id = "9726b5f5-8cc3-4fad-950b-f20cac04d496"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_lin_bpfdoor.yar b/yara_rules/backdoor_lin_bpfdoor.yar
similarity index 96%
rename from yara_rules/sekoiaio_backdoor_lin_bpfdoor.yar
rename to yara_rules/backdoor_lin_bpfdoor.yar
index b3d259a..d9f41d1 100644
--- a/yara_rules/sekoiaio_backdoor_lin_bpfdoor.yar
+++ b/yara_rules/backdoor_lin_bpfdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_lin_bpfdoor {
+rule backdoor_lin_bpfdoor {
 meta:
 id = "1776ff6f-6fbb-4a81-bcad-c43b5117c67c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_lin_sysupdate.yar b/yara_rules/backdoor_lin_sysupdate.yar
similarity index 93%
rename from yara_rules/sekoiaio_backdoor_lin_sysupdate.yar
rename to yara_rules/backdoor_lin_sysupdate.yar
index 852015d..a320c03 100644
--- a/yara_rules/sekoiaio_backdoor_lin_sysupdate.yar
+++ b/yara_rules/backdoor_lin_sysupdate.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_lin_sysupdate {
+rule backdoor_lin_sysupdate {
 meta:
 id = "9cb806cf-4ca1-44d8-809a-58cc5f364fb8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_mul_sparkrat.yar b/yara_rules/backdoor_mul_sparkrat.yar
similarity index 98%
rename from yara_rules/sekoiaio_backdoor_mul_sparkrat.yar
rename to yara_rules/backdoor_mul_sparkrat.yar
index 5ae3b99..d3efa9c 100644
--- a/yara_rules/sekoiaio_backdoor_mul_sparkrat.yar
+++ b/yara_rules/backdoor_mul_sparkrat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_mul_sparkrat {
+rule backdoor_mul_sparkrat {
 meta:
 id = "cd818207-f8ec-41fa-abef-c29d481c7897"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_mul_supershell_client.yar b/yara_rules/backdoor_mul_supershell_client.yar
similarity index 95%
rename from yara_rules/sekoiaio_backdoor_mul_supershell_client.yar
rename to yara_rules/backdoor_mul_supershell_client.yar
index eed4b03..b9e4eb3 100644
--- a/yara_rules/sekoiaio_backdoor_mul_supershell_client.yar
+++ b/yara_rules/backdoor_mul_supershell_client.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_mul_supershell_client {
+rule backdoor_mul_supershell_client {
 meta:
 id = "3498ca9e-a165-4dda-bc15-2e5d6d43d9c1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_opensource_northstar_strings.yar b/yara_rules/backdoor_opensource_northstar_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_backdoor_opensource_northstar_strings.yar
rename to yara_rules/backdoor_opensource_northstar_strings.yar
index e45ace0..0b0a227 100644
--- a/yara_rules/sekoiaio_backdoor_opensource_northstar_strings.yar
+++ b/yara_rules/backdoor_opensource_northstar_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_opensource_northstar_strings {
+rule backdoor_opensource_northstar_strings {
 meta:
 id = "6bf2f428-ec1a-4115-9c5e-258e9176969a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_oyster.yar b/yara_rules/backdoor_oyster.yar
similarity index 93%
rename from yara_rules/sekoiaio_backdoor_oyster.yar
rename to yara_rules/backdoor_oyster.yar
index 7bc3c50..0c109b4 100644
--- a/yara_rules/sekoiaio_backdoor_oyster.yar
+++ b/yara_rules/backdoor_oyster.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_oyster {
+rule backdoor_oyster {
 meta:
 id = "f95f98ea-1e52-45ae-8abf-a986f95d4ab2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_powershellempire_batlauchers.yar b/yara_rules/backdoor_powershellempire_batlauchers.yar
similarity index 91%
rename from yara_rules/sekoiaio_backdoor_powershellempire_batlauchers.yar
rename to yara_rules/backdoor_powershellempire_batlauchers.yar
index a12dfd8..cbeded1 100644
--- a/yara_rules/sekoiaio_backdoor_powershellempire_batlauchers.yar
+++ b/yara_rules/backdoor_powershellempire_batlauchers.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_powershellempire_batlauchers {
+rule backdoor_powershellempire_batlauchers {
 meta:
 id = "ad371665-ec59-45c8-9d99-2a675842c384"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_powershellempire_csharp.yar b/yara_rules/backdoor_powershellempire_csharp.yar
similarity index 94%
rename from yara_rules/sekoiaio_backdoor_powershellempire_csharp.yar
rename to yara_rules/backdoor_powershellempire_csharp.yar
index d3f3b75..9006149 100644
--- a/yara_rules/sekoiaio_backdoor_powershellempire_csharp.yar
+++ b/yara_rules/backdoor_powershellempire_csharp.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_powershellempire_csharp {
+rule backdoor_powershellempire_csharp {
 meta:
 id = "952e8e9b-8e4d-4550-9cf4-7ffd2f9d0672"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_powershellempire_gen.yar b/yara_rules/backdoor_powershellempire_gen.yar
similarity index 90%
rename from yara_rules/sekoiaio_backdoor_powershellempire_gen.yar
rename to yara_rules/backdoor_powershellempire_gen.yar
index 5f123bf..8d5d640 100644
--- a/yara_rules/sekoiaio_backdoor_powershellempire_gen.yar
+++ b/yara_rules/backdoor_powershellempire_gen.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_powershellempire_gen {
+rule backdoor_powershellempire_gen {
 meta:
 id = "36050a5b-bdca-45cd-8e26-7129fdcbf1e8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_powershellempire_python.yar b/yara_rules/backdoor_powershellempire_python.yar
similarity index 89%
rename from yara_rules/sekoiaio_backdoor_powershellempire_python.yar
rename to yara_rules/backdoor_powershellempire_python.yar
index fcb3658..5eb1089 100644
--- a/yara_rules/sekoiaio_backdoor_powershellempire_python.yar
+++ b/yara_rules/backdoor_powershellempire_python.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_powershellempire_python {
+rule backdoor_powershellempire_python {
 meta:
 id = "c2913f60-46a2-42c1-8569-72568eaddaed"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_powershellempire_sharpire.yar b/yara_rules/backdoor_powershellempire_sharpire.yar
similarity index 91%
rename from yara_rules/sekoiaio_backdoor_powershellempire_sharpire.yar
rename to yara_rules/backdoor_powershellempire_sharpire.yar
index 59d1e23..57253e3 100644
--- a/yara_rules/sekoiaio_backdoor_powershellempire_sharpire.yar
+++ b/yara_rules/backdoor_powershellempire_sharpire.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_powershellempire_sharpire {
+rule backdoor_powershellempire_sharpire {
 meta:
 id = "fed21fbd-52ed-4649-a1ff-56eae57fc9ef"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_sandman_strings.yar b/yara_rules/backdoor_sandman_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_backdoor_sandman_strings.yar
rename to yara_rules/backdoor_sandman_strings.yar
index 46028c8..2860578 100644
--- a/yara_rules/sekoiaio_backdoor_sandman_strings.yar
+++ b/yara_rules/backdoor_sandman_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_sandman_strings {
+rule backdoor_sandman_strings {
 meta:
 id = "7bac7a1e-7d4a-4410-9ad4-1c85beb6faaf"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_andardoor.yar b/yara_rules/backdoor_win_andardoor.yar
similarity index 96%
rename from yara_rules/sekoiaio_backdoor_win_andardoor.yar
rename to yara_rules/backdoor_win_andardoor.yar
index c146b52..54a3fb9 100644
--- a/yara_rules/sekoiaio_backdoor_win_andardoor.yar
+++ b/yara_rules/backdoor_win_andardoor.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_backdoor_win_andardoor {
+rule backdoor_win_andardoor {
 meta:
 id = "27f28f6e-b8fd-41dc-88a8-92f5a125a807"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_blackrat.yar b/yara_rules/backdoor_win_blackrat.yar
similarity index 97%
rename from yara_rules/sekoiaio_backdoor_win_blackrat.yar
rename to yara_rules/backdoor_win_blackrat.yar
index 167f9bb..3a0b7da 100644
--- a/yara_rules/sekoiaio_backdoor_win_blackrat.yar
+++ b/yara_rules/backdoor_win_blackrat.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_backdoor_win_blackrat {
+rule backdoor_win_blackrat {
 meta:
 id = "3a5a6290-6344-45ce-8929-ea5a4451840f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_feedload.yar b/yara_rules/backdoor_win_feedload.yar
similarity index 92%
rename from yara_rules/sekoiaio_backdoor_win_feedload.yar
rename to yara_rules/backdoor_win_feedload.yar
index 5d8740f..6b9fec0 100644
--- a/yara_rules/sekoiaio_backdoor_win_feedload.yar
+++ b/yara_rules/backdoor_win_feedload.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_win_feedload {
+rule backdoor_win_feedload {
 meta:
 id = "29cc46c4-7ed7-4a34-9749-a8ba8d37eb4c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_foresttiger.yar b/yara_rules/backdoor_win_foresttiger.yar
similarity index 95%
rename from yara_rules/sekoiaio_backdoor_win_foresttiger.yar
rename to yara_rules/backdoor_win_foresttiger.yar
index c9b5161..6e6eb09 100644
--- a/yara_rules/sekoiaio_backdoor_win_foresttiger.yar
+++ b/yara_rules/backdoor_win_foresttiger.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_backdoor_win_foresttiger {
+rule backdoor_win_foresttiger {
 meta:
 id = "d3128da2-a86d-4db8-9b75-2f3048831c7e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_headertip.yar b/yara_rules/backdoor_win_headertip.yar
similarity index 96%
rename from yara_rules/sekoiaio_backdoor_win_headertip.yar
rename to yara_rules/backdoor_win_headertip.yar
index 9774925..b4a89bb 100644
--- a/yara_rules/sekoiaio_backdoor_win_headertip.yar
+++ b/yara_rules/backdoor_win_headertip.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_backdoor_win_headertip {
+rule backdoor_win_headertip {
 meta:
 id = "82899406-4ec3-41d2-bcc1-bdd1ee440e77"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_ketrum2.yar b/yara_rules/backdoor_win_ketrum2.yar
similarity index 97%
rename from yara_rules/sekoiaio_backdoor_win_ketrum2.yar
rename to yara_rules/backdoor_win_ketrum2.yar
index 924672f..8c2359a 100644
--- a/yara_rules/sekoiaio_backdoor_win_ketrum2.yar
+++ b/yara_rules/backdoor_win_ketrum2.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_backdoor_win_ketrum2 {
+rule backdoor_win_ketrum2 {
 meta:
 id = "afcc349a-d44b-4b66-b86f-c62e700fa899"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_kimsuky.yar b/yara_rules/backdoor_win_kimsuky.yar
similarity index 98%
rename from yara_rules/sekoiaio_backdoor_win_kimsuky.yar
rename to yara_rules/backdoor_win_kimsuky.yar
index 031084f..55d5a58 100644
--- a/yara_rules/sekoiaio_backdoor_win_kimsuky.yar
+++ b/yara_rules/backdoor_win_kimsuky.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_backdoor_win_kimsuky {
+rule backdoor_win_kimsuky {
 meta:
 id = "db927d1c-34cf-4501-a6ce-3e8ecdefc5a3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_backdoor_win_mgbot_main.yar b/yara_rules/backdoor_win_mgbot_main.yar
similarity index 97%
rename from yara_rules/sekoiaio_backdoor_win_mgbot_main.yar
rename to yara_rules/backdoor_win_mgbot_main.yar
index 0ba21b9..e951c6a 100644
--- a/yara_rules/sekoiaio_backdoor_win_mgbot_main.yar
+++ b/yara_rules/backdoor_win_mgbot_main.yar
@@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backdoor_win_mgbot_main { +rule backdoor_win_mgbot_main { meta: id = "528baa11-58d5-470a-bd6d-963d4ac75d97" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_minibike.yar b/yara_rules/backdoor_win_minibike.yar similarity index 97% rename from yara_rules/sekoiaio_backdoor_win_minibike.yar rename to yara_rules/backdoor_win_minibike.yar index 81f94f8..2f859e3 100644 --- a/yara_rules/sekoiaio_backdoor_win_minibike.yar +++ b/yara_rules/backdoor_win_minibike.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backdoor_win_minibike { +rule backdoor_win_minibike { meta: id = "d758c41a-279c-4706-9cf3-87740e45f71d" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_minibus.yar b/yara_rules/backdoor_win_minibus.yar similarity index 97% rename from yara_rules/sekoiaio_backdoor_win_minibus.yar rename to yara_rules/backdoor_win_minibus.yar index a895fc3..9bf1140 100644 --- a/yara_rules/sekoiaio_backdoor_win_minibus.yar +++ b/yara_rules/backdoor_win_minibus.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backdoor_win_minibus { +rule backdoor_win_minibus { meta: id = "f88bcf15-9a9f-4d84-adc6-db1db55fe93c" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_nukesped_andariel.yar b/yara_rules/backdoor_win_nukesped_andariel.yar similarity index 94% rename from yara_rules/sekoiaio_backdoor_win_nukesped_andariel.yar rename to yara_rules/backdoor_win_nukesped_andariel.yar index f559b4c..e0ffbeb 100644 --- a/yara_rules/sekoiaio_backdoor_win_nukesped_andariel.yar +++ b/yara_rules/backdoor_win_nukesped_andariel.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backdoor_win_nukesped_andariel { +rule backdoor_win_nukesped_andariel { meta: id = "a3601f0b-5782-4546-ac22-8a0514791f8f" version = "1.0" 
diff --git a/yara_rules/sekoiaio_backdoor_win_rokrat.yar b/yara_rules/backdoor_win_rokrat.yar similarity index 98% rename from yara_rules/sekoiaio_backdoor_win_rokrat.yar rename to yara_rules/backdoor_win_rokrat.yar index 3efb000..d9ec58d 100644 --- a/yara_rules/sekoiaio_backdoor_win_rokrat.yar +++ b/yara_rules/backdoor_win_rokrat.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_rokrat { +rule backdoor_win_rokrat { meta: id = "97a3acc1-4120-4d67-a6ad-fa204f2fd7f5" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_rollsling.yar b/yara_rules/backdoor_win_rollsling.yar similarity index 96% rename from yara_rules/sekoiaio_backdoor_win_rollsling.yar rename to yara_rules/backdoor_win_rollsling.yar index 86b4a33..b6e3ac6 100644 --- a/yara_rules/sekoiaio_backdoor_win_rollsling.yar +++ b/yara_rules/backdoor_win_rollsling.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_rollsling { +rule backdoor_win_rollsling { meta: id = "5ef23b9c-5bc5-4f02-b1b4-1af18a03241a" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_sidewinder_cobaltstrike_2022_09.yar b/yara_rules/backdoor_win_sidewinder_cobaltstrike_2022_09.yar similarity index 94% rename from yara_rules/sekoiaio_backdoor_win_sidewinder_cobaltstrike_2022_09.yar rename to yara_rules/backdoor_win_sidewinder_cobaltstrike_2022_09.yar index 97c1a53..af40cbc 100644 --- a/yara_rules/sekoiaio_backdoor_win_sidewinder_cobaltstrike_2022_09.yar +++ b/yara_rules/backdoor_win_sidewinder_cobaltstrike_2022_09.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backdoor_win_sidewinder_cobaltstrike_2022_09 { +rule backdoor_win_sidewinder_cobaltstrike_2022_09 { meta: id = "b5e8f87a-4a2c-49bb-aa98-bf3fb5056b23" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_spacecolon.yar b/yara_rules/backdoor_win_spacecolon.yar similarity index 97% rename from yara_rules/sekoiaio_backdoor_win_spacecolon.yar rename to yara_rules/backdoor_win_spacecolon.yar index d0f4826..dfb4459 100644 
--- a/yara_rules/sekoiaio_backdoor_win_spacecolon.yar +++ b/yara_rules/backdoor_win_spacecolon.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_spacecolon { +rule backdoor_win_spacecolon { meta: id = "ae09f0e2-e913-44d5-abe1-715170368cc8" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_sponsor.yar b/yara_rules/backdoor_win_sponsor.yar similarity index 96% rename from yara_rules/sekoiaio_backdoor_win_sponsor.yar rename to yara_rules/backdoor_win_sponsor.yar index 0c79e2f..806d415 100644 --- a/yara_rules/sekoiaio_backdoor_win_sponsor.yar +++ b/yara_rules/backdoor_win_sponsor.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_sponsor { +rule backdoor_win_sponsor { meta: id = "d410cdb7-a2a8-481e-a90a-49ef15a7a0e3" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_volgmer.yar b/yara_rules/backdoor_win_volgmer.yar similarity index 96% rename from yara_rules/sekoiaio_backdoor_win_volgmer.yar rename to yara_rules/backdoor_win_volgmer.yar index 2bc5d2d..2356a72 100644 --- a/yara_rules/sekoiaio_backdoor_win_volgmer.yar +++ b/yara_rules/backdoor_win_volgmer.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_volgmer { +rule backdoor_win_volgmer { meta: id = "9468a66d-787c-488f-937b-22617c7a2ded" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_warhawk.yar b/yara_rules/backdoor_win_warhawk.yar similarity index 98% rename from yara_rules/sekoiaio_backdoor_win_warhawk.yar rename to yara_rules/backdoor_win_warhawk.yar index c2a010f..3d74772 100644 --- a/yara_rules/sekoiaio_backdoor_win_warhawk.yar +++ b/yara_rules/backdoor_win_warhawk.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_win_warhawk { +rule backdoor_win_warhawk { meta: id = "d0ec19a7-cb08-4bca-b153-d7b0358186b4" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_win_winordll64.yar b/yara_rules/backdoor_win_winordll64.yar similarity index 96% rename from yara_rules/sekoiaio_backdoor_win_winordll64.yar rename to yara_rules/backdoor_win_winordll64.yar index 232db4e..619e0d9 100644 
--- a/yara_rules/sekoiaio_backdoor_win_winordll64.yar +++ b/yara_rules/backdoor_win_winordll64.yar @@ -1,7 +1,7 @@ import "hash" import "pe" -rule sekoiaio_backdoor_win_winordll64 { +rule backdoor_win_winordll64 { meta: id = "86a32538-bc69-47ea-9842-4af360588c27" version = "1.0" diff --git a/yara_rules/sekoiaio_backdoor_xploitspy_strings.yar b/yara_rules/backdoor_xploitspy_strings.yar similarity index 94% rename from yara_rules/sekoiaio_backdoor_xploitspy_strings.yar rename to yara_rules/backdoor_xploitspy_strings.yar index fc6ae11..3be36d9 100644 --- a/yara_rules/sekoiaio_backdoor_xploitspy_strings.yar +++ b/yara_rules/backdoor_xploitspy_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_backdoor_xploitspy_strings { +rule backdoor_xploitspy_strings { meta: id = "0aa86c2e-dba6-4ef4-a47e-f1b43e04f1f3" version = "1.0" diff --git a/yara_rules/sekoiaio_backoor_win_gobear.yar b/yara_rules/backoor_win_gobear.yar similarity index 95% rename from yara_rules/sekoiaio_backoor_win_gobear.yar rename to yara_rules/backoor_win_gobear.yar index 96afb17..26bd95e 100644 --- a/yara_rules/sekoiaio_backoor_win_gobear.yar +++ b/yara_rules/backoor_win_gobear.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_backoor_win_gobear { +rule backoor_win_gobear { meta: id = "f922bf1b-652e-4a2f-91e9-76ecd2e3bf6a" version = "1.0" diff --git a/yara_rules/sekoiaio_backoor_win_tinyturla_ng.yar b/yara_rules/backoor_win_tinyturla_ng.yar similarity index 95% rename from yara_rules/sekoiaio_backoor_win_tinyturla_ng.yar rename to yara_rules/backoor_win_tinyturla_ng.yar index 41c9624..97a6cab 100644 --- a/yara_rules/sekoiaio_backoor_win_tinyturla_ng.yar +++ b/yara_rules/backoor_win_tinyturla_ng.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_backoor_win_tinyturla_ng { +rule backoor_win_tinyturla_ng { meta: id = "019043bb-0212-4b73-bc93-03e9a746d28d" version = "1.0" 
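Review bot: The renamed identifiers `backoor_win_gobear` and `backoor_win_tinyturla_ng` keep the `backoor` misspelling, so a glob or search on the `backdoor_` prefix will skip both rules. `crybercrime_prophetspider_proxy` in a later hunk has the same kind of typo. Since this commit already renames every rule and file, the names could be corrected in the same pass, e.g. `rule backdoor_win_gobear {` with the file renamed to match. The rule bodies continue outside these hunks, so any references to the old names elsewhere cannot be checked from here.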
diff --git a/yara_rules/sekoiaio_bot_lin_enemybot_april22.yar b/yara_rules/bot_lin_enemybot_april22.yar similarity index 96% rename from yara_rules/sekoiaio_bot_lin_enemybot_april22.yar rename to yara_rules/bot_lin_enemybot_april22.yar index 75571ee..b54b990 100644 --- a/yara_rules/sekoiaio_bot_lin_enemybot_april22.yar +++ b/yara_rules/bot_lin_enemybot_april22.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bot_lin_enemybot_april22 { +rule bot_lin_enemybot_april22 { meta: id = "5778c653-39ce-4f5d-b10b-1503b74e5041" version = "1.0" diff --git a/yara_rules/sekoiaio_bot_lin_kinsing_strings.yar b/yara_rules/bot_lin_kinsing_strings.yar similarity index 94% rename from yara_rules/sekoiaio_bot_lin_kinsing_strings.yar rename to yara_rules/bot_lin_kinsing_strings.yar index 19451b3..51c0344 100644 --- a/yara_rules/sekoiaio_bot_lin_kinsing_strings.yar +++ b/yara_rules/bot_lin_kinsing_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bot_lin_kinsing_strings { +rule bot_lin_kinsing_strings { meta: id = "ce41b6d0-bc22-4a85-a3bb-ed3234871524" version = "1.0" diff --git a/yara_rules/sekoiaio_bot_lin_lucifer_strings.yar b/yara_rules/bot_lin_lucifer_strings.yar similarity index 94% rename from yara_rules/sekoiaio_bot_lin_lucifer_strings.yar rename to yara_rules/bot_lin_lucifer_strings.yar index ebad970..9f5651d 100644 --- a/yara_rules/sekoiaio_bot_lin_lucifer_strings.yar +++ b/yara_rules/bot_lin_lucifer_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bot_lin_lucifer_strings { +rule bot_lin_lucifer_strings { meta: id = "c341b6d0-bc22-4a85-aebb-ed323487f524" version = "1.0" diff --git a/yara_rules/sekoiaio_bot_lin_xorddos_strings.yar b/yara_rules/bot_lin_xorddos_strings.yar similarity index 95% rename from yara_rules/sekoiaio_bot_lin_xorddos_strings.yar rename to yara_rules/bot_lin_xorddos_strings.yar index 74afcfd..ec7cf1d 100644 --- a/yara_rules/sekoiaio_bot_lin_xorddos_strings.yar +++ b/yara_rules/bot_lin_xorddos_strings.yar 
@@ -1,4 +1,4 @@ -rule sekoiaio_bot_lin_xorddos_strings { +rule bot_lin_xorddos_strings { meta: id = "2f5c70a3-fe3f-4091-905d-d779bd0cb2cd" version = "1.0" diff --git a/yara_rules/sekoiaio_bot_lin_zerobot_dec22.yar b/yara_rules/bot_lin_zerobot_dec22.yar similarity index 96% rename from yara_rules/sekoiaio_bot_lin_zerobot_dec22.yar rename to yara_rules/bot_lin_zerobot_dec22.yar index 2c9b4b9..c9abe69 100644 --- a/yara_rules/sekoiaio_bot_lin_zerobot_dec22.yar +++ b/yara_rules/bot_lin_zerobot_dec22.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bot_lin_zerobot_dec22 { +rule bot_lin_zerobot_dec22 { meta: id = "ce028297-a526-4a6a-95db-8762fb5895f6" version = "1.0" diff --git a/yara_rules/sekoiaio_bot_win_yamabot.yar b/yara_rules/bot_win_yamabot.yar similarity index 96% rename from yara_rules/sekoiaio_bot_win_yamabot.yar rename to yara_rules/bot_win_yamabot.yar index 1f9c63e..2b52fa4 100644 --- a/yara_rules/sekoiaio_bot_win_yamabot.yar +++ b/yara_rules/bot_win_yamabot.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bot_win_yamabot { +rule bot_win_yamabot { meta: id = "9f5b85c4-59e3-448f-b054-5b4932ee89bb" version = "1.0" diff --git a/yara_rules/sekoiaio_botnet_lin_tsunami.yar b/yara_rules/botnet_lin_tsunami.yar similarity index 94% rename from yara_rules/sekoiaio_botnet_lin_tsunami.yar rename to yara_rules/botnet_lin_tsunami.yar index 2af37f6..d31f566 100644 --- a/yara_rules/sekoiaio_botnet_lin_tsunami.yar +++ b/yara_rules/botnet_lin_tsunami.yar @@ -1,4 +1,4 @@ -rule sekoiaio_botnet_lin_tsunami { +rule botnet_lin_tsunami { meta: id = "65d2ff89-064f-489a-a215-33197926a62d" version = "1.0" diff --git a/yara_rules/sekoiaio_builder_win_royalroad_rtf.yar b/yara_rules/builder_win_royalroad_rtf.yar similarity index 91% rename from yara_rules/sekoiaio_builder_win_royalroad_rtf.yar rename to yara_rules/builder_win_royalroad_rtf.yar index 6932649..07fae26 100644 --- a/yara_rules/sekoiaio_builder_win_royalroad_rtf.yar +++ b/yara_rules/builder_win_royalroad_rtf.yar 
@@ -1,4 +1,4 @@ -rule sekoiaio_builder_win_royalroad_rtf { +rule builder_win_royalroad_rtf { meta: id = "065e798b-eadd-4aac-a444-de61b75f0273" description = "Detects RoyalRoad weaponized RTF documents" diff --git a/yara_rules/sekoiaio_bumblebee_loader.yar b/yara_rules/bumblebee_loader.yar similarity index 95% rename from yara_rules/sekoiaio_bumblebee_loader.yar rename to yara_rules/bumblebee_loader.yar index 1108b29..55c5559 100644 --- a/yara_rules/sekoiaio_bumblebee_loader.yar +++ b/yara_rules/bumblebee_loader.yar @@ -1,4 +1,4 @@ -rule sekoiaio_bumblebee_loader { +rule bumblebee_loader { meta: id = "8fd795c7-6896-498c-a892-de9da6427b60" version = "1.0" diff --git a/yara_rules/sekoiaio_bumblebee_vhd.yar b/yara_rules/bumblebee_vhd.yar similarity index 95% rename from yara_rules/sekoiaio_bumblebee_vhd.yar rename to yara_rules/bumblebee_vhd.yar index 00ec839..ff1eda2 100644 --- a/yara_rules/sekoiaio_bumblebee_vhd.yar +++ b/yara_rules/bumblebee_vhd.yar @@ -1,6 +1,6 @@ import "magic" -rule sekoiaio_bumblebee_vhd { +rule bumblebee_vhd { meta: id = "0a9d1ffa-a3ff-4b15-b660-b4c132d5a415" version = "1.0" diff --git a/yara_rules/sekoiaio_clipper_win_atlas_strings.yar b/yara_rules/clipper_win_atlas_strings.yar similarity index 93% rename from yara_rules/sekoiaio_clipper_win_atlas_strings.yar rename to yara_rules/clipper_win_atlas_strings.yar index 7b33a75..8d25680 100644 --- a/yara_rules/sekoiaio_clipper_win_atlas_strings.yar +++ b/yara_rules/clipper_win_atlas_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_clipper_win_atlas_strings { +rule clipper_win_atlas_strings { meta: id = "f08c6af6-c325-4f7d-8686-575b25550d6a" version = "1.0" diff --git a/yara_rules/sekoiaio_clipper_win_cryptoclippy.yar b/yara_rules/clipper_win_cryptoclippy.yar similarity index 95% rename from yara_rules/sekoiaio_clipper_win_cryptoclippy.yar rename to yara_rules/clipper_win_cryptoclippy.yar index 9bcd02d..94f5123 100644 --- a/yara_rules/sekoiaio_clipper_win_cryptoclippy.yar 
+++ b/yara_rules/clipper_win_cryptoclippy.yar @@ -1,4 +1,4 @@ -rule sekoiaio_clipper_win_cryptoclippy { +rule clipper_win_cryptoclippy { meta: id = "eaa98a8e-e29e-43a4-8b2d-2137d33d4116" version = "1.0" diff --git a/yara_rules/sekoiaio_clwiper_strings.yar b/yara_rules/clwiper_strings.yar similarity index 94% rename from yara_rules/sekoiaio_clwiper_strings.yar rename to yara_rules/clwiper_strings.yar index 75c181a..972241c 100644 --- a/yara_rules/sekoiaio_clwiper_strings.yar +++ b/yara_rules/clwiper_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_clwiper_strings { +rule clwiper_strings { meta: id = "91e531e2-8548-460f-88a8-cc09abb901e0" version = "1.0" diff --git a/yara_rules/sekoiaio_crime_sload_mainpowershellimplant.yar b/yara_rules/crime_sload_mainpowershellimplant.yar similarity index 96% rename from yara_rules/sekoiaio_crime_sload_mainpowershellimplant.yar rename to yara_rules/crime_sload_mainpowershellimplant.yar index dd1586b..15dfa98 100644 --- a/yara_rules/sekoiaio_crime_sload_mainpowershellimplant.yar +++ b/yara_rules/crime_sload_mainpowershellimplant.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_mainpowershellimplant { +rule crime_sload_mainpowershellimplant { meta: id = "09d268e7-d688-4390-856e-9e9ed47aec04" version = "1.0" diff --git a/yara_rules/sekoiaio_crime_sload_powershellarchiveexfiltrator_strings.yar b/yara_rules/crime_sload_powershellarchiveexfiltrator_strings.yar similarity index 86% rename from yara_rules/sekoiaio_crime_sload_powershellarchiveexfiltrator_strings.yar rename to yara_rules/crime_sload_powershellarchiveexfiltrator_strings.yar index 613b6f5..70c0921 100644 --- a/yara_rules/sekoiaio_crime_sload_powershellarchiveexfiltrator_strings.yar +++ b/yara_rules/crime_sload_powershellarchiveexfiltrator_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_powershellarchiveexfiltrator_strings { +rule crime_sload_powershellarchiveexfiltrator_strings { meta: id = "3934696a-2116-49cb-9f75-3740767ad6f3" version = "1.0" 
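Review bot: With the vendor prefix removed, identifiers such as `clwiper_strings` in this group and `bumblebee_loader` in an earlier hunk are generic enough to clash with rules from other feeds. YARA rejects duplicate rule identifiers when sources are compiled into the same namespace. Consumers whose alert routing, suppression lists or dashboards key on the old `sekoiaio_*` names would presumably stop matching without any error. Nothing in the visible patch documents this, so a short README or changelog note on the rename, recommending that the set be loaded under its own namespace, would help downstream users.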
diff --git a/yara_rules/sekoiaio_crime_sload_scheduledtask_dropper_strings.yar b/yara_rules/crime_sload_scheduledtask_dropper_strings.yar similarity index 88% rename from yara_rules/sekoiaio_crime_sload_scheduledtask_dropper_strings.yar rename to yara_rules/crime_sload_scheduledtask_dropper_strings.yar index 37d7c98..a4700ec 100644 --- a/yara_rules/sekoiaio_crime_sload_scheduledtask_dropper_strings.yar +++ b/yara_rules/crime_sload_scheduledtask_dropper_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_scheduledtask_dropper_strings { +rule crime_sload_scheduledtask_dropper_strings { meta: id = "01c51da8-71a5-449f-a609-933c37bc2e63" version = "1.0" diff --git a/yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_1.yar b/yara_rules/crime_sload_vbs_downloader_strings_1.yar similarity index 91% rename from yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_1.yar rename to yara_rules/crime_sload_vbs_downloader_strings_1.yar index 48290ce..9fee230 100644 --- a/yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_1.yar +++ b/yara_rules/crime_sload_vbs_downloader_strings_1.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_vbs_downloader_strings_1 { +rule crime_sload_vbs_downloader_strings_1 { meta: id = "77ff0d21-9249-43b2-9a6d-87988a2dec3b" version = "1.0" diff --git a/yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_2.yar b/yara_rules/crime_sload_vbs_downloader_strings_2.yar similarity index 91% rename from yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_2.yar rename to yara_rules/crime_sload_vbs_downloader_strings_2.yar index e476e1a..f5e4930 100644 --- a/yara_rules/sekoiaio_crime_sload_vbs_downloader_strings_2.yar +++ b/yara_rules/crime_sload_vbs_downloader_strings_2.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_vbs_downloader_strings_2 { +rule crime_sload_vbs_downloader_strings_2 { meta: id = "77ff0d21-9249-43b2-9a6d-87988a2dec3b" version = "1.0" 
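Review bot: `crime_sload_vbs_downloader_strings_1` and `crime_sload_vbs_downloader_strings_2` both carry `id = "77ff0d21-9249-43b2-9a6d-87988a2dec3b"` in their context lines. If `id` is meant to be unique per rule, any pipeline that indexes or deduplicates detections by it will merge or drop one of the two. The commit leaves these lines untouched; giving one rule a freshly generated UUID, e.g. `id = "<new-uuid-placeholder>"`, would resolve it. The rest of each meta block lies outside the hunk, so whether the two rules differ elsewhere cannot be confirmed from here.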
diff --git a/yara_rules/sekoiaio_crime_sload_vbs_wsf_downloader.yar b/yara_rules/crime_sload_vbs_wsf_downloader.yar similarity index 94% rename from yara_rules/sekoiaio_crime_sload_vbs_wsf_downloader.yar rename to yara_rules/crime_sload_vbs_wsf_downloader.yar index 969ce5a..b169c03 100644 --- a/yara_rules/sekoiaio_crime_sload_vbs_wsf_downloader.yar +++ b/yara_rules/crime_sload_vbs_wsf_downloader.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_vbs_wsf_downloader { +rule crime_sload_vbs_wsf_downloader { meta: id = "55d87205-5f8f-479a-a616-bf3fce571f03" version = "1.0" diff --git a/yara_rules/sekoiaio_crime_sload_zip_archives.yar b/yara_rules/crime_sload_zip_archives.yar similarity index 93% rename from yara_rules/sekoiaio_crime_sload_zip_archives.yar rename to yara_rules/crime_sload_zip_archives.yar index c969753..ff1ae16 100644 --- a/yara_rules/sekoiaio_crime_sload_zip_archives.yar +++ b/yara_rules/crime_sload_zip_archives.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crime_sload_zip_archives { +rule crime_sload_zip_archives { meta: id = "5335ad65-bca5-4937-8634-46cbd7aa1b0e" version = "1.0" diff --git a/yara_rules/sekoiaio_crimeware_njrat_strings.yar b/yara_rules/crimeware_njrat_strings.yar similarity index 94% rename from yara_rules/sekoiaio_crimeware_njrat_strings.yar rename to yara_rules/crimeware_njrat_strings.yar index 4915192..2485525 100644 --- a/yara_rules/sekoiaio_crimeware_njrat_strings.yar +++ b/yara_rules/crimeware_njrat_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crimeware_njrat_strings { +rule crimeware_njrat_strings { meta: id = "215807ae-fbcb-478d-8941-e0787b883669" version = "1.0" diff --git a/yara_rules/sekoiaio_crybercrime_prophetspider_proxy.yar b/yara_rules/crybercrime_prophetspider_proxy.yar similarity index 94% rename from yara_rules/sekoiaio_crybercrime_prophetspider_proxy.yar rename to yara_rules/crybercrime_prophetspider_proxy.yar index 80e3cb3..bf4e5dc 100644 --- a/yara_rules/sekoiaio_crybercrime_prophetspider_proxy.yar 
+++ b/yara_rules/crybercrime_prophetspider_proxy.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_crybercrime_prophetspider_proxy { +rule crybercrime_prophetspider_proxy { meta: id = "b7637fc3-bf81-40c4-869c-1c283574e0a7" version = "1.0" diff --git a/yara_rules/sekoiaio_crypter_vbs_to_exe.yar b/yara_rules/crypter_vbs_to_exe.yar similarity index 96% rename from yara_rules/sekoiaio_crypter_vbs_to_exe.yar rename to yara_rules/crypter_vbs_to_exe.yar index 4f4fb63..bf888d2 100644 --- a/yara_rules/sekoiaio_crypter_vbs_to_exe.yar +++ b/yara_rules/crypter_vbs_to_exe.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crypter_vbs_to_exe { +rule crypter_vbs_to_exe { meta: id = "33ed286f-3055-452e-952b-abaf11a543a1" version = "1.0" diff --git a/yara_rules/sekoiaio_crypter_win_dotrunpex.yar b/yara_rules/crypter_win_dotrunpex.yar similarity index 93% rename from yara_rules/sekoiaio_crypter_win_dotrunpex.yar rename to yara_rules/crypter_win_dotrunpex.yar index e44d70d..302debf 100644 --- a/yara_rules/sekoiaio_crypter_win_dotrunpex.yar +++ b/yara_rules/crypter_win_dotrunpex.yar @@ -1,4 +1,4 @@ -rule sekoiaio_crypter_win_dotrunpex { +rule crypter_win_dotrunpex { meta: id = "6fb4ffe0-3a5c-432c-8ae2-404bb5960c30" version = "1.0" diff --git a/yara_rules/sekoiaio_darkriver_encodedurl.yar b/yara_rules/darkriver_encodedurl.yar similarity index 95% rename from yara_rules/sekoiaio_darkriver_encodedurl.yar rename to yara_rules/darkriver_encodedurl.yar index 816e5dc..a367d58 100644 --- a/yara_rules/sekoiaio_darkriver_encodedurl.yar +++ b/yara_rules/darkriver_encodedurl.yar @@ -1,4 +1,4 @@ -rule sekoiaio_darkriver_encodedurl { +rule darkriver_encodedurl { meta: id = "60f1676f-dade-4376-9980-f510dff52ae5" version = "1.0" diff --git a/yara_rules/sekoiaio_dotnet_injector_new_payload.yar b/yara_rules/dotnet_injector_new_payload.yar similarity index 94% rename from yara_rules/sekoiaio_dotnet_injector_new_payload.yar rename to yara_rules/dotnet_injector_new_payload.yar index 8c57029..23c46bf 100644 
--- a/yara_rules/sekoiaio_dotnet_injector_new_payload.yar +++ b/yara_rules/dotnet_injector_new_payload.yar @@ -1,6 +1,6 @@ import "dotnet" -rule sekoiaio_dotnet_injector_new_payload { +rule dotnet_injector_new_payload { meta: id = "b0a1d471-5381-4fa8-8563-7e72ecd15bed" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_kimsuky_lnk.yar b/yara_rules/downloader_kimsuky_lnk.yar similarity index 95% rename from yara_rules/sekoiaio_downloader_kimsuky_lnk.yar rename to yara_rules/downloader_kimsuky_lnk.yar index ca3d17e..10c2375 100644 --- a/yara_rules/sekoiaio_downloader_kimsuky_lnk.yar +++ b/yara_rules/downloader_kimsuky_lnk.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_kimsuky_lnk { +rule downloader_kimsuky_lnk { meta: id = "3831d115-7874-4bc9-aeb4-d2cb9bc2b5c9" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_mac_rustbucket.yar b/yara_rules/downloader_mac_rustbucket.yar similarity index 96% rename from yara_rules/sekoiaio_downloader_mac_rustbucket.yar rename to yara_rules/downloader_mac_rustbucket.yar index 4f90c1b..9d174c8 100644 --- a/yara_rules/sekoiaio_downloader_mac_rustbucket.yar +++ b/yara_rules/downloader_mac_rustbucket.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_mac_rustbucket { +rule downloader_mac_rustbucket { meta: id = "5a003b68-ad9a-47f9-b157-dd898181dac2" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_mac_rustbucket_swiftloader.yar b/yara_rules/downloader_mac_rustbucket_swiftloader.yar similarity index 92% rename from yara_rules/sekoiaio_downloader_mac_rustbucket_swiftloader.yar rename to yara_rules/downloader_mac_rustbucket_swiftloader.yar index 1f8e831..79746ed 100644 --- a/yara_rules/sekoiaio_downloader_mac_rustbucket_swiftloader.yar +++ b/yara_rules/downloader_mac_rustbucket_swiftloader.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_mac_rustbucket_swiftloader { +rule downloader_mac_rustbucket_swiftloader { meta: id = "bdbc95db-5d58-4c96-91f9-34b653e67f50" version = "1.0" 
diff --git a/yara_rules/sekoiaio_downloader_mac_smooth_operator.yar b/yara_rules/downloader_mac_smooth_operator.yar similarity index 89% rename from yara_rules/sekoiaio_downloader_mac_smooth_operator.yar rename to yara_rules/downloader_mac_smooth_operator.yar index 4024a9f..a3d1082 100644 --- a/yara_rules/sekoiaio_downloader_mac_smooth_operator.yar +++ b/yara_rules/downloader_mac_smooth_operator.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_mac_smooth_operator { +rule downloader_mac_smooth_operator { meta: id = "c132b3f0-f536-4a66-bcf8-2a95c258c414" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_andarloader.yar b/yara_rules/downloader_win_andarloader.yar similarity index 94% rename from yara_rules/sekoiaio_downloader_win_andarloader.yar rename to yara_rules/downloader_win_andarloader.yar index 4f69a09..e1e547a 100644 --- a/yara_rules/sekoiaio_downloader_win_andarloader.yar +++ b/yara_rules/downloader_win_andarloader.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_downloader_win_andarloader { +rule downloader_win_andarloader { meta: id = "96dd737e-601c-4370-9fa6-4bbafafae203" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_apt33_tickler.yar b/yara_rules/downloader_win_apt33_tickler.yar similarity index 97% rename from yara_rules/sekoiaio_downloader_win_apt33_tickler.yar rename to yara_rules/downloader_win_apt33_tickler.yar index 7f4daf9..9632847 100644 --- a/yara_rules/sekoiaio_downloader_win_apt33_tickler.yar +++ b/yara_rules/downloader_win_apt33_tickler.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_downloader_win_apt33_tickler { +rule downloader_win_apt33_tickler { meta: id = "e1f704d6-d527-479a-8311-d286c06768ac" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_cobianrat.yar b/yara_rules/downloader_win_cobianrat.yar similarity index 95% rename from yara_rules/sekoiaio_downloader_win_cobianrat.yar rename to yara_rules/downloader_win_cobianrat.yar index 005052a..573fbf3 100644 
--- a/yara_rules/sekoiaio_downloader_win_cobianrat.yar +++ b/yara_rules/downloader_win_cobianrat.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_win_cobianrat { +rule downloader_win_cobianrat { meta: id = "7a86c17f-bf4e-4465-9488-244b75fc36f1" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_curl_agent.yar b/yara_rules/downloader_win_curl_agent.yar similarity index 93% rename from yara_rules/sekoiaio_downloader_win_curl_agent.yar rename to yara_rules/downloader_win_curl_agent.yar index ff25102..4da3376 100644 --- a/yara_rules/sekoiaio_downloader_win_curl_agent.yar +++ b/yara_rules/downloader_win_curl_agent.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_win_curl_agent { +rule downloader_win_curl_agent { meta: id = "ddeb2d8f-1b10-4a33-b768-d19412e8551a" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_donot.yar b/yara_rules/downloader_win_donot.yar similarity index 97% rename from yara_rules/sekoiaio_downloader_win_donot.yar rename to yara_rules/downloader_win_donot.yar index b2a8182..7944f07 100644 --- a/yara_rules/sekoiaio_downloader_win_donot.yar +++ b/yara_rules/downloader_win_donot.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_win_donot { +rule downloader_win_donot { meta: id = "31b153cc-a4b9-40a0-8bcb-ce1370645b4b" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_fake_tor_browser.yar b/yara_rules/downloader_win_fake_tor_browser.yar similarity index 92% rename from yara_rules/sekoiaio_downloader_win_fake_tor_browser.yar rename to yara_rules/downloader_win_fake_tor_browser.yar index d639cf5..e808d51 100644 --- a/yara_rules/sekoiaio_downloader_win_fake_tor_browser.yar +++ b/yara_rules/downloader_win_fake_tor_browser.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_downloader_win_fake_tor_browser { +rule downloader_win_fake_tor_browser { meta: id = "6b070ba6-490b-43c2-9a01-65812d829eeb" version = "1.0" 
diff --git a/yara_rules/sekoiaio_downloader_win_newsterminal.yar b/yara_rules/downloader_win_newsterminal.yar similarity index 95% rename from yara_rules/sekoiaio_downloader_win_newsterminal.yar rename to yara_rules/downloader_win_newsterminal.yar index acd6696..c008bb2 100644 --- a/yara_rules/sekoiaio_downloader_win_newsterminal.yar +++ b/yara_rules/downloader_win_newsterminal.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_win_newsterminal { +rule downloader_win_newsterminal { meta: id = "2f9aae45-e3bd-4d87-b336-5d141738952b" version = "1.0" diff --git a/yara_rules/sekoiaio_downloader_win_search.yar b/yara_rules/downloader_win_search.yar similarity index 94% rename from yara_rules/sekoiaio_downloader_win_search.yar rename to yara_rules/downloader_win_search.yar index 4b9f4bb..9cd54a4 100644 --- a/yara_rules/sekoiaio_downloader_win_search.yar +++ b/yara_rules/downloader_win_search.yar @@ -1,4 +1,4 @@ -rule sekoiaio_downloader_win_search { +rule downloader_win_search { meta: id = "8094ddda-6294-4dee-93cb-de79aaed1ec6" version = "1.0" diff --git a/yara_rules/sekoiaio_dropper_mac_lazarus_manuscrypt.yar b/yara_rules/dropper_mac_lazarus_manuscrypt.yar similarity index 93% rename from yara_rules/sekoiaio_dropper_mac_lazarus_manuscrypt.yar rename to yara_rules/dropper_mac_lazarus_manuscrypt.yar index 6d25f52..a9c5cf0 100644 --- a/yara_rules/sekoiaio_dropper_mac_lazarus_manuscrypt.yar +++ b/yara_rules/dropper_mac_lazarus_manuscrypt.yar @@ -1,4 +1,4 @@ -rule sekoiaio_dropper_mac_lazarus_manuscrypt { +rule dropper_mac_lazarus_manuscrypt { meta: id = "6138bd0c-1fcf-4586-b2b6-29955c7d6266" version = "1.0" diff --git a/yara_rules/sekoiaio_dropper_win_konni_cab.yar b/yara_rules/dropper_win_konni_cab.yar similarity index 92% rename from yara_rules/sekoiaio_dropper_win_konni_cab.yar rename to yara_rules/dropper_win_konni_cab.yar index 90be16c..d569e1c 100644 --- a/yara_rules/sekoiaio_dropper_win_konni_cab.yar +++ b/yara_rules/dropper_win_konni_cab.yar 
@@ -1,4 +1,4 @@
-rule sekoiaio_dropper_win_konni_cab {
+rule dropper_win_konni_cab {
 meta:
 id = "87a209d5-667a-4a81-837a-660ab98c33c8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_dropper_win_ninerat.yar b/yara_rules/dropper_win_ninerat.yar
similarity index 97%
rename from yara_rules/sekoiaio_dropper_win_ninerat.yar
rename to yara_rules/dropper_win_ninerat.yar
index 94530bf..f7e2765 100644
--- a/yara_rules/sekoiaio_dropper_win_ninerat.yar
+++ b/yara_rules/dropper_win_ninerat.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_dropper_win_ninerat {
+rule dropper_win_ninerat {
 meta:
 id = "798e3bee-4cee-4647-abda-3c3dcc602f0a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_dropper_win_romcom_dropper.yar b/yara_rules/dropper_win_romcom_dropper.yar
similarity index 95%
rename from yara_rules/sekoiaio_dropper_win_romcom_dropper.yar
rename to yara_rules/dropper_win_romcom_dropper.yar
index 4b4ea04..7462514 100644
--- a/yara_rules/sekoiaio_dropper_win_romcom_dropper.yar
+++ b/yara_rules/dropper_win_romcom_dropper.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_dropper_win_romcom_dropper {
+rule dropper_win_romcom_dropper {
 meta:
 id = "ca1b7114-5a83-4620-a9e2-8228df2be7b1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_dropper_win_selfau3.yar b/yara_rules/dropper_win_selfau3.yar
similarity index 95%
rename from yara_rules/sekoiaio_dropper_win_selfau3.yar
rename to yara_rules/dropper_win_selfau3.yar
index a0cbb1e..b7035ab 100644
--- a/yara_rules/sekoiaio_dropper_win_selfau3.yar
+++ b/yara_rules/dropper_win_selfau3.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_dropper_win_selfau3 {
+rule dropper_win_selfau3 {
 meta:
 id = "2d005a54-b013-40e9-b88a-30454e4b22af"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_emmenhtal_strings_hta_exe.yar b/yara_rules/emmenhtal_strings_hta_exe.yar
similarity index 94%
rename from yara_rules/sekoiaio_emmenhtal_strings_hta_exe.yar
rename to yara_rules/emmenhtal_strings_hta_exe.yar
index b72700e..883680f 100644
--- a/yara_rules/sekoiaio_emmenhtal_strings_hta_exe.yar
+++ b/yara_rules/emmenhtal_strings_hta_exe.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_emmenhtal_strings_hta_exe {
+rule emmenhtal_strings_hta_exe {
 meta:
 id = "64e08610-e8a4-4edd-8f6b-d4e8d2b47d87"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_evilnumpayload_fmtstr.yar b/yara_rules/evilnumpayload_fmtstr.yar
similarity index 95%
rename from yara_rules/sekoiaio_evilnumpayload_fmtstr.yar
rename to yara_rules/evilnumpayload_fmtstr.yar
index 0b3f3fb..8f92f50 100644
--- a/yara_rules/sekoiaio_evilnumpayload_fmtstr.yar
+++ b/yara_rules/evilnumpayload_fmtstr.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_evilnumpayload_fmtstr {
+rule evilnumpayload_fmtstr {
 meta:
 id = "980c58e4-e04d-4076-a92e-2c04ced19ece"
 version = "1.1"
diff --git a/yara_rules/sekoiaio_exploit_cve20191458_strings.yar b/yara_rules/exploit_cve20191458_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_exploit_cve20191458_strings.yar
rename to yara_rules/exploit_cve20191458_strings.yar
index e57a9b1..ea42645 100644
--- a/yara_rules/sekoiaio_exploit_cve20191458_strings.yar
+++ b/yara_rules/exploit_cve20191458_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_cve20191458_strings {
+rule exploit_cve20191458_strings {
 meta:
 id = "0be4a550-0f0a-4596-ab32-aafaececf919"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_ez_pwnkit_strings.yar b/yara_rules/exploit_ez_pwnkit_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_exploit_ez_pwnkit_strings.yar
rename to yara_rules/exploit_ez_pwnkit_strings.yar
index eb404e7..cedb2d7 100644
--- a/yara_rules/sekoiaio_exploit_ez_pwnkit_strings.yar
+++ b/yara_rules/exploit_ez_pwnkit_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_ez_pwnkit_strings {
+rule exploit_ez_pwnkit_strings {
 meta:
 id = "24301f35-8174-4e0d-b14a-fc7e45a29b26"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_cve20177308_strings.yar b/yara_rules/exploit_linux_eop_cve20177308_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_exploit_linux_eop_cve20177308_strings.yar
rename to yara_rules/exploit_linux_eop_cve20177308_strings.yar
index f24a3f2..afca844 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_cve20177308_strings.yar
+++ b/yara_rules/exploit_linux_eop_cve20177308_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_cve20177308_strings {
+rule exploit_linux_eop_cve20177308_strings {
 meta:
 id = "72d225dd-386c-47d5-afb3-c6712c0bdd9a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_cve202121974_exploit_strings.yar b/yara_rules/exploit_linux_eop_cve202121974_exploit_strings.yar
similarity index 89%
rename from yara_rules/sekoiaio_exploit_linux_eop_cve202121974_exploit_strings.yar
rename to yara_rules/exploit_linux_eop_cve202121974_exploit_strings.yar
index d452c86..d5f6a6a 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_cve202121974_exploit_strings.yar
+++ b/yara_rules/exploit_linux_eop_cve202121974_exploit_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_cve202121974_exploit_strings {
+rule exploit_linux_eop_cve202121974_exploit_strings {
 meta:
 id = "8e1fbbe5-7d51-48b4-80d5-90abff8cab9e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_dirtyc0w_strings.yar b/yara_rules/exploit_linux_eop_dirtyc0w_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_exploit_linux_eop_dirtyc0w_strings.yar
rename to yara_rules/exploit_linux_eop_dirtyc0w_strings.yar
index 310abe6..44eb8b2 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_dirtyc0w_strings.yar
+++ b/yara_rules/exploit_linux_eop_dirtyc0w_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_dirtyc0w_strings {
+rule exploit_linux_eop_dirtyc0w_strings {
 meta:
 id = "f0551e56-b08f-4f6f-81df-f30fbb8ee7b8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_dirtypipe_strings.yar b/yara_rules/exploit_linux_eop_dirtypipe_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_exploit_linux_eop_dirtypipe_strings.yar
rename to yara_rules/exploit_linux_eop_dirtypipe_strings.yar
index bcdf52f..41a74d0 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_dirtypipe_strings.yar
+++ b/yara_rules/exploit_linux_eop_dirtypipe_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_dirtypipe_strings {
+rule exploit_linux_eop_dirtypipe_strings {
 meta:
 id = "712d8a01-576e-4f43-a930-63dcdc535d93"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_polkit_pkexec_strings.yar b/yara_rules/exploit_linux_eop_polkit_pkexec_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_exploit_linux_eop_polkit_pkexec_strings.yar
rename to yara_rules/exploit_linux_eop_polkit_pkexec_strings.yar
index aaa972e..0fec24a 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_polkit_pkexec_strings.yar
+++ b/yara_rules/exploit_linux_eop_polkit_pkexec_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_polkit_pkexec_strings {
+rule exploit_linux_eop_polkit_pkexec_strings {
 meta:
 id = "de45c29e-432a-4e4f-b700-a016341d56d2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_pwnkit_strings.yar b/yara_rules/exploit_linux_eop_pwnkit_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_exploit_linux_eop_pwnkit_strings.yar
rename to yara_rules/exploit_linux_eop_pwnkit_strings.yar
index b39f20f..1b8eaca 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_pwnkit_strings.yar
+++ b/yara_rules/exploit_linux_eop_pwnkit_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_pwnkit_strings {
+rule exploit_linux_eop_pwnkit_strings {
 meta:
 id = "8637c602-62da-4983-bcb7-ba546fb2ed82"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_rationallove_strings.yar b/yara_rules/exploit_linux_eop_rationallove_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_exploit_linux_eop_rationallove_strings.yar
rename to yara_rules/exploit_linux_eop_rationallove_strings.yar
index 2fd1c24..dcba700 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_rationallove_strings.yar
+++ b/yara_rules/exploit_linux_eop_rationallove_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_rationallove_strings {
+rule exploit_linux_eop_rationallove_strings {
 meta:
 id = "e71e026e-ca2c-42b7-b552-b3fd013676db"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar b/yara_rules/exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar
similarity index 88%
rename from yara_rules/sekoiaio_exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar
rename to yara_rules/exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar
index 0ac5ed2..72d8835 100644
--- a/yara_rules/sekoiaio_exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar
+++ b/yara_rules/exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings {
+rule exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings {
 meta:
 id = "5e0e73f5-4cb3-4a79-adac-578b17ed7660"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_exploit_win_cloudatlas_cve_2018_0798.yar b/yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar
similarity index 93%
rename from yara_rules/sekoiaio_exploit_win_cloudatlas_cve_2018_0798.yar
rename to yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar
index a89d3d1..295e0a7 100644
--- a/yara_rules/sekoiaio_exploit_win_cloudatlas_cve_2018_0798.yar
+++ b/yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_exploit_win_cloudatlas_cve_2018_0798 {
+rule exploit_win_cloudatlas_cve_2018_0798 {
 meta:
 id = "fcff4bc7-fe88-4546-bb5b-f2a1c2f8b0a5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_gen_empire_onedrive_stager.yar b/yara_rules/gen_empire_onedrive_stager.yar
similarity index 91%
rename from yara_rules/sekoiaio_gen_empire_onedrive_stager.yar
rename to yara_rules/gen_empire_onedrive_stager.yar
index 8dc2a87..ca03f9c 100644
--- a/yara_rules/sekoiaio_gen_empire_onedrive_stager.yar
+++ b/yara_rules/gen_empire_onedrive_stager.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_gen_empire_onedrive_stager {
+rule gen_empire_onedrive_stager {
 meta:
 id = "2053416f-1f53-491e-9c70-787a04362d16"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_bat_script_mock_http_services.yar b/yara_rules/generic_bat_script_mock_http_services.yar
similarity index 92%
rename from yara_rules/sekoiaio_generic_bat_script_mock_http_services.yar
rename to yara_rules/generic_bat_script_mock_http_services.yar
index 21565cf..609cc73 100644
--- a/yara_rules/sekoiaio_generic_bat_script_mock_http_services.yar
+++ b/yara_rules/generic_bat_script_mock_http_services.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_bat_script_mock_http_services {
+rule generic_bat_script_mock_http_services {
 meta:
 id = "1cfbe5ba-6304-476d-8308-928100a85c16"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_perl_reverse_shell.yar b/yara_rules/generic_perl_reverse_shell.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_perl_reverse_shell.yar
rename to yara_rules/generic_perl_reverse_shell.yar
index 57da06c..5c275c8 100644
--- a/yara_rules/sekoiaio_generic_perl_reverse_shell.yar
+++ b/yara_rules/generic_perl_reverse_shell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_perl_reverse_shell {
+rule generic_perl_reverse_shell {
 meta:
 id = "4eb2ef0d-3ada-4566-bd82-8c75d6931acc"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_php_webshell.yar b/yara_rules/generic_php_webshell.yar
similarity index 90%
rename from yara_rules/sekoiaio_generic_php_webshell.yar
rename to yara_rules/generic_php_webshell.yar
index d102d5f..68b0c5a 100644
--- a/yara_rules/sekoiaio_generic_php_webshell.yar
+++ b/yara_rules/generic_php_webshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_php_webshell {
+rule generic_php_webshell {
 meta:
 id = "415a96bd-11a4-40e7-8335-ac1f1a99d17c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_python_reverse_shell.yar b/yara_rules/generic_python_reverse_shell.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_python_reverse_shell.yar
rename to yara_rules/generic_python_reverse_shell.yar
index 4640b15..1f41a44 100644
--- a/yara_rules/sekoiaio_generic_python_reverse_shell.yar
+++ b/yara_rules/generic_python_reverse_shell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_python_reverse_shell {
+rule generic_python_reverse_shell {
 meta:
 id = "ab25f8db-e39d-4aa4-b431-cf5cd2e038e5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_1.yar b/yara_rules/generic_sharpshooter_payload_1.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_1.yar
rename to yara_rules/generic_sharpshooter_payload_1.yar
index a305976..9d1d8ed 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_1.yar
+++ b/yara_rules/generic_sharpshooter_payload_1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_1 {
+rule generic_sharpshooter_payload_1 {
 meta:
 id = "82fd284a-47c2-4d29-9c80-f3affaa61a13"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_10.yar b/yara_rules/generic_sharpshooter_payload_10.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_10.yar
rename to yara_rules/generic_sharpshooter_payload_10.yar
index c67f28e..eb17a8c 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_10.yar
+++ b/yara_rules/generic_sharpshooter_payload_10.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_10 {
+rule generic_sharpshooter_payload_10 {
 meta:
 id = "477f8b92-e231-460c-8660-487d0a97f0e2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_11.yar b/yara_rules/generic_sharpshooter_payload_11.yar
similarity index 92%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_11.yar
rename to yara_rules/generic_sharpshooter_payload_11.yar
index b9c07d4..2067b81 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_11.yar
+++ b/yara_rules/generic_sharpshooter_payload_11.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_11 {
+rule generic_sharpshooter_payload_11 {
 meta:
 id = "703d2eb2-c9fd-4891-ba95-f94a8313618e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_12.yar b/yara_rules/generic_sharpshooter_payload_12.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_12.yar
rename to yara_rules/generic_sharpshooter_payload_12.yar
index 28518bb..1b77b78 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_12.yar
+++ b/yara_rules/generic_sharpshooter_payload_12.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_12 {
+rule generic_sharpshooter_payload_12 {
 meta:
 id = "b69186cf-9825-4d90-be20-7caa9e7de61f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_13.yar b/yara_rules/generic_sharpshooter_payload_13.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_13.yar
rename to yara_rules/generic_sharpshooter_payload_13.yar
index 6f8ccd6..14ef95e 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_13.yar
+++ b/yara_rules/generic_sharpshooter_payload_13.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_13 {
+rule generic_sharpshooter_payload_13 {
 meta:
 id = "2d61d7b8-5348-4cc8-9d41-61799b573e3b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_2.yar b/yara_rules/generic_sharpshooter_payload_2.yar
similarity index 90%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_2.yar
rename to yara_rules/generic_sharpshooter_payload_2.yar
index 4e0556c..0407a25 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_2.yar
+++ b/yara_rules/generic_sharpshooter_payload_2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_2 {
+rule generic_sharpshooter_payload_2 {
 meta:
 id = "02bc795f-b8e0-44d4-b475-310359867577"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_3.yar b/yara_rules/generic_sharpshooter_payload_3.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_3.yar
rename to yara_rules/generic_sharpshooter_payload_3.yar
index 493238c..0476d68 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_3.yar
+++ b/yara_rules/generic_sharpshooter_payload_3.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_3 {
+rule generic_sharpshooter_payload_3 {
 meta:
 id = "57b3ca9a-59c5-4b28-8eb9-36ff5b3633c2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_4.yar b/yara_rules/generic_sharpshooter_payload_4.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_4.yar
rename to yara_rules/generic_sharpshooter_payload_4.yar
index 3477888..8f79629 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_4.yar
+++ b/yara_rules/generic_sharpshooter_payload_4.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_4 {
+rule generic_sharpshooter_payload_4 {
 meta:
 id = "b8327436-3f3d-441c-86b7-35cd30144dc2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_5.yar b/yara_rules/generic_sharpshooter_payload_5.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_5.yar
rename to yara_rules/generic_sharpshooter_payload_5.yar
index 147f803..7d82e2d 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_5.yar
+++ b/yara_rules/generic_sharpshooter_payload_5.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_5 {
+rule generic_sharpshooter_payload_5 {
 meta:
 id = "cb4d266e-f2b7-4642-a223-57180e66a9a6"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_6.yar b/yara_rules/generic_sharpshooter_payload_6.yar
similarity index 92%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_6.yar
rename to yara_rules/generic_sharpshooter_payload_6.yar
index f9b46c7..6cd50f4 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_6.yar
+++ b/yara_rules/generic_sharpshooter_payload_6.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_6 {
+rule generic_sharpshooter_payload_6 {
 meta:
 id = "53506a3e-b0d8-4a1e-88d9-485e829f25cb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_7.yar b/yara_rules/generic_sharpshooter_payload_7.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_7.yar
rename to yara_rules/generic_sharpshooter_payload_7.yar
index cd1555f..dd0c3fa 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_7.yar
+++ b/yara_rules/generic_sharpshooter_payload_7.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_7 {
+rule generic_sharpshooter_payload_7 {
 meta:
 id = "de8069bb-59d7-4753-974a-f77c4b9e9bae"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_8.yar b/yara_rules/generic_sharpshooter_payload_8.yar
similarity index 92%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_8.yar
rename to yara_rules/generic_sharpshooter_payload_8.yar
index 4058efe..3ba355b 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_8.yar
+++ b/yara_rules/generic_sharpshooter_payload_8.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_8 {
+rule generic_sharpshooter_payload_8 {
 meta:
 id = "e28a1cd3-f7b6-4a55-8229-484e0bbeb7cb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_sharpshooter_payload_9.yar b/yara_rules/generic_sharpshooter_payload_9.yar
similarity index 91%
rename from yara_rules/sekoiaio_generic_sharpshooter_payload_9.yar
rename to yara_rules/generic_sharpshooter_payload_9.yar
index 59b47e1..ddae5f6 100644
--- a/yara_rules/sekoiaio_generic_sharpshooter_payload_9.yar
+++ b/yara_rules/generic_sharpshooter_payload_9.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_sharpshooter_payload_9 {
+rule generic_sharpshooter_payload_9 {
 meta:
 id = "e4283d6e-d829-4f21-ba60-9e6232519e54"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_generic_tor_hidden_service_leading_to_winports.yar b/yara_rules/generic_tor_hidden_service_leading_to_winports.yar
similarity index 90%
rename from yara_rules/sekoiaio_generic_tor_hidden_service_leading_to_winports.yar
rename to yara_rules/generic_tor_hidden_service_leading_to_winports.yar
index 743363c..5b53388 100644
--- a/yara_rules/sekoiaio_generic_tor_hidden_service_leading_to_winports.yar
+++ b/yara_rules/generic_tor_hidden_service_leading_to_winports.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_generic_tor_hidden_service_leading_to_winports {
+rule generic_tor_hidden_service_leading_to_winports {
 meta:
 id = "1e5c469b-f721-44af-87b3-1adf423719c1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guerrilla_lemongroup.yar b/yara_rules/guerrilla_lemongroup.yar
similarity index 95%
rename from yara_rules/sekoiaio_guerrilla_lemongroup.yar
rename to yara_rules/guerrilla_lemongroup.yar
index e06904e..c639f2c 100644
--- a/yara_rules/sekoiaio_guerrilla_lemongroup.yar
+++ b/yara_rules/guerrilla_lemongroup.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guerrilla_lemongroup {
+rule guerrilla_lemongroup {
 meta:
 id = "df635b5a-a19a-48ab-9a3a-9723e265c71d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guloader_lnk_file.yar b/yara_rules/guloader_lnk_file.yar
similarity index 93%
rename from yara_rules/sekoiaio_guloader_lnk_file.yar
rename to yara_rules/guloader_lnk_file.yar
index 54c6c1e..26ed300 100644
--- a/yara_rules/sekoiaio_guloader_lnk_file.yar
+++ b/yara_rules/guloader_lnk_file.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guloader_lnk_file {
+rule guloader_lnk_file {
 meta:
 id = "ecc07753-0910-445b-bf84-911b17195894"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guloader_powershell_1.yar b/yara_rules/guloader_powershell_1.yar
similarity index 93%
rename from yara_rules/sekoiaio_guloader_powershell_1.yar
rename to yara_rules/guloader_powershell_1.yar
index fad647b..62337e4 100644
--- a/yara_rules/sekoiaio_guloader_powershell_1.yar
+++ b/yara_rules/guloader_powershell_1.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guloader_powershell_1 {
+rule guloader_powershell_1 {
 meta:
 id = "28c68991-db8b-4f00-b3a3-17286418a4ed"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guloader_unpacker.yar b/yara_rules/guloader_unpacker.yar
similarity index 94%
rename from yara_rules/sekoiaio_guloader_unpacker.yar
rename to yara_rules/guloader_unpacker.yar
index b7f68f8..49fa73b 100644
--- a/yara_rules/sekoiaio_guloader_unpacker.yar
+++ b/yara_rules/guloader_unpacker.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guloader_unpacker {
+rule guloader_unpacker {
 meta:
 id = "dee4cad4-e3b4-4a12-860b-ff750b119fa8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guloader_unpacker_decoded.yar b/yara_rules/guloader_unpacker_decoded.yar
similarity index 92%
rename from yara_rules/sekoiaio_guloader_unpacker_decoded.yar
rename to yara_rules/guloader_unpacker_decoded.yar
index 50e0760..07d4944 100644
--- a/yara_rules/sekoiaio_guloader_unpacker_decoded.yar
+++ b/yara_rules/guloader_unpacker_decoded.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guloader_unpacker_decoded {
+rule guloader_unpacker_decoded {
 meta:
 id = "ca3f4fce-b3a1-4672-a2ca-29ea347eb23d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_guloader_vbscript.yar b/yara_rules/guloader_vbscript.yar
similarity index 93%
rename from yara_rules/sekoiaio_guloader_vbscript.yar
rename to yara_rules/guloader_vbscript.yar
index a43bdb9..118652d 100644
--- a/yara_rules/sekoiaio_guloader_vbscript.yar
+++ b/yara_rules/guloader_vbscript.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_guloader_vbscript {
+rule guloader_vbscript {
 meta:
 id = "3472e403-b1e6-4fdf-9770-af42d505b556"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_credentialkatz.yar b/yara_rules/hacktool_credentialkatz.yar
similarity index 97%
rename from yara_rules/sekoiaio_hacktool_credentialkatz.yar
rename to yara_rules/hacktool_credentialkatz.yar
index a9395a6..ec37835 100644
--- a/yara_rules/sekoiaio_hacktool_credentialkatz.yar
+++ b/yara_rules/hacktool_credentialkatz.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_credentialkatz {
+rule hacktool_credentialkatz {
 meta:
 id = "4795d131-2625-40ca-bca6-02aac5030b55"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_defendercontrol_strings.yar b/yara_rules/hacktool_defendercontrol_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_hacktool_defendercontrol_strings.yar
rename to yara_rules/hacktool_defendercontrol_strings.yar
index 8aceea4..68617b1 100644
--- a/yara_rules/sekoiaio_hacktool_defendercontrol_strings.yar
+++ b/yara_rules/hacktool_defendercontrol_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_defendercontrol_strings {
+rule hacktool_defendercontrol_strings {
 meta:
 id = "c6587a46-5f9b-4bf0-9231-9d2505293557"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_dnscat2_strings.yar b/yara_rules/hacktool_dnscat2_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_dnscat2_strings.yar
rename to yara_rules/hacktool_dnscat2_strings.yar
index 9171bbf..e305119 100644
--- a/yara_rules/sekoiaio_hacktool_dnscat2_strings.yar
+++ b/yara_rules/hacktool_dnscat2_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_dnscat2_strings {
+rule hacktool_dnscat2_strings {
 meta:
 id = "9655cdd7-c7fe-4033-bdd9-bdfcfd2bf827"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_duplicatedump_strings.yar b/yara_rules/hacktool_duplicatedump_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_hacktool_duplicatedump_strings.yar
rename to yara_rules/hacktool_duplicatedump_strings.yar
index 6229550..2e07f49 100644
--- a/yara_rules/sekoiaio_hacktool_duplicatedump_strings.yar
+++ b/yara_rules/hacktool_duplicatedump_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_duplicatedump_strings {
+rule hacktool_duplicatedump_strings {
 meta:
 id = "081d0124-4afe-418b-9767-3d987c0107ca"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_earthworm_strings.yar b/yara_rules/hacktool_earthworm_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_earthworm_strings.yar
rename to yara_rules/hacktool_earthworm_strings.yar
index 3d7b165..8f4809b 100644
--- a/yara_rules/sekoiaio_hacktool_earthworm_strings.yar
+++ b/yara_rules/hacktool_earthworm_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_earthworm_strings {
+rule hacktool_earthworm_strings {
 meta:
 id = "6c9b0225-8c41-49f9-9745-245bc7ef942f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_fscan_strings.yar b/yara_rules/hacktool_fscan_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_fscan_strings.yar
rename to yara_rules/hacktool_fscan_strings.yar
index 5734ac2..17f307c 100644
--- a/yara_rules/sekoiaio_hacktool_fscan_strings.yar
+++ b/yara_rules/hacktool_fscan_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_fscan_strings {
+rule hacktool_fscan_strings {
 meta:
 id = "6bef80c3-370c-4168-9d88-3fac88f986b1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_gtunnel_strings.yar b/yara_rules/hacktool_gtunnel_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_hacktool_gtunnel_strings.yar
rename to yara_rules/hacktool_gtunnel_strings.yar
index 3a6b547..c46db80 100644
--- a/yara_rules/sekoiaio_hacktool_gtunnel_strings.yar
+++ b/yara_rules/hacktool_gtunnel_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_gtunnel_strings {
+rule hacktool_gtunnel_strings {
 meta:
 id = "f20a4400-8ae6-4954-b643-0a8847f037f0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_impacket_compiled_binary.yar b/yara_rules/hacktool_impacket_compiled_binary.yar
similarity index 96%
rename from yara_rules/sekoiaio_hacktool_impacket_compiled_binary.yar
rename to yara_rules/hacktool_impacket_compiled_binary.yar
index 778c785..b304729 100644
--- a/yara_rules/sekoiaio_hacktool_impacket_compiled_binary.yar
+++ b/yara_rules/hacktool_impacket_compiled_binary.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_impacket_compiled_binary {
+rule hacktool_impacket_compiled_binary {
 meta:
 id = "43936dcc-0d74-43dd-996a-c27a28cef283"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_iox_tunneling.yar b/yara_rules/hacktool_iox_tunneling.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_iox_tunneling.yar
rename to yara_rules/hacktool_iox_tunneling.yar
index 01f63c2..b2f246a 100644
--- a/yara_rules/sekoiaio_hacktool_iox_tunneling.yar
+++ b/yara_rules/hacktool_iox_tunneling.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_iox_tunneling {
+rule hacktool_iox_tunneling {
 meta:
 id = "45b31d67-95e9-405d-88ea-3f2006ef160a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_ipmipwner_strings.yar b/yara_rules/hacktool_ipmipwner_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_hacktool_ipmipwner_strings.yar
rename to yara_rules/hacktool_ipmipwner_strings.yar
index 5e6365f..0527019 100644
--- a/yara_rules/sekoiaio_hacktool_ipmipwner_strings.yar
+++ b/yara_rules/hacktool_ipmipwner_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_ipmipwner_strings {
+rule hacktool_ipmipwner_strings {
 meta:
 id = "2ac736b5-33bb-477f-a98c-57cc2744d251"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_lazagne_strings.yar b/yara_rules/hacktool_lazagne_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_lazagne_strings.yar
rename to yara_rules/hacktool_lazagne_strings.yar
index b71366d..b3c58b5 100644
--- a/yara_rules/sekoiaio_hacktool_lazagne_strings.yar
+++ b/yara_rules/hacktool_lazagne_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_lazagne_strings {
+rule hacktool_lazagne_strings {
 meta:
 id = "5a5e7a07-1252-48cc-ada5-46e796c4e00e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_ligolo_relay_strings.yar b/yara_rules/hacktool_ligolo_relay_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_hacktool_ligolo_relay_strings.yar
rename to yara_rules/hacktool_ligolo_relay_strings.yar
index ae37c5c..bd5125b 100644
--- a/yara_rules/sekoiaio_hacktool_ligolo_relay_strings.yar
+++ b/yara_rules/hacktool_ligolo_relay_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_ligolo_relay_strings {
+rule hacktool_ligolo_relay_strings {
 meta:
 id = "1e32f2e5-b66b-4b55-9dd4-1402b2f627ed"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_ligolo_strings.yar b/yara_rules/hacktool_ligolo_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_hacktool_ligolo_strings.yar
rename to yara_rules/hacktool_ligolo_strings.yar
index d49b12e..b2ab70c 100644
--- a/yara_rules/sekoiaio_hacktool_ligolo_strings.yar
+++ b/yara_rules/hacktool_ligolo_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_ligolo_strings {
+rule hacktool_ligolo_strings {
 meta:
 id = "5013256b-eda3-417e-ac72-959055b01c7e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_microsocks_strings.yar b/yara_rules/hacktool_microsocks_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_hacktool_microsocks_strings.yar
rename to yara_rules/hacktool_microsocks_strings.yar
index 2b91487..55ecf10 100644
--- a/yara_rules/sekoiaio_hacktool_microsocks_strings.yar
+++ b/yara_rules/hacktool_microsocks_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_microsocks_strings {
+rule hacktool_microsocks_strings {
 meta:
 id = "20e82008-249b-47a3-885b-7c4b04b31a57"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_mimikat_ssp_strings.yar b/yara_rules/hacktool_mimikat_ssp_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_hacktool_mimikat_ssp_strings.yar
rename to yara_rules/hacktool_mimikat_ssp_strings.yar
index 798b3ab..5ecd893 100644
--- a/yara_rules/sekoiaio_hacktool_mimikat_ssp_strings.yar
+++ b/yara_rules/hacktool_mimikat_ssp_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_mimikat_ssp_strings {
+rule hacktool_mimikat_ssp_strings {
 meta:
 id = "33b3620f-e02d-4d29-adcc-fea3b49ab780"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_mimikatz_obfuscated.yar b/yara_rules/hacktool_mimikatz_obfuscated.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_mimikatz_obfuscated.yar
rename to yara_rules/hacktool_mimikatz_obfuscated.yar
index f41550e..0d472f2 100644
--- a/yara_rules/sekoiaio_hacktool_mimikatz_obfuscated.yar
+++ b/yara_rules/hacktool_mimikatz_obfuscated.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_mimikatz_obfuscated {
+rule hacktool_mimikatz_obfuscated {
 meta:
 id = "bac4bb61-d250-4fc3-95a5-edd4e3c7ff83"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_mimilite.yar b/yara_rules/hacktool_mimilite.yar
similarity index 96%
rename from yara_rules/sekoiaio_hacktool_mimilite.yar
rename to yara_rules/hacktool_mimilite.yar
index 7bd637a..36cc7d8 100644
--- a/yara_rules/sekoiaio_hacktool_mimilite.yar
+++ b/yara_rules/hacktool_mimilite.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_mimilite {
+rule hacktool_mimilite {
 meta:
 id = "abb92a9d-0978-4ef2-b2cc-53ce6e83e3e4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_nbtscan_strings.yar b/yara_rules/hacktool_nbtscan_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_hacktool_nbtscan_strings.yar
rename to yara_rules/hacktool_nbtscan_strings.yar
index 0539a09..627c74c 100644
--- a/yara_rules/sekoiaio_hacktool_nbtscan_strings.yar
+++ b/yara_rules/hacktool_nbtscan_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_nbtscan_strings {
+rule hacktool_nbtscan_strings {
 meta:
 id = "8883b56c-a085-459c-9ec6-a139ad5a2671"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_ntdsdumpex_strings.yar b/yara_rules/hacktool_ntdsdumpex_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_hacktool_ntdsdumpex_strings.yar
rename to yara_rules/hacktool_ntdsdumpex_strings.yar
index e16c65b..070daaa 100644
--- a/yara_rules/sekoiaio_hacktool_ntdsdumpex_strings.yar
+++ b/yara_rules/hacktool_ntdsdumpex_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_ntdsdumpex_strings {
+rule hacktool_ntdsdumpex_strings {
 meta:
 id = "9a0fe20a-49e9-4aaf-8f0e-d51800e0a6e0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_ntospy_strings.yar b/yara_rules/hacktool_ntospy_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_hacktool_ntospy_strings.yar
rename to yara_rules/hacktool_ntospy_strings.yar
index 6912520..225b529 100644
--- a/yara_rules/sekoiaio_hacktool_ntospy_strings.yar
+++ b/yara_rules/hacktool_ntospy_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_ntospy_strings {
+rule hacktool_ntospy_strings {
 meta:
 id = "c3281666-6a31-4718-a9c0-82944c6fdcb0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_pplblade_strings.yar b/yara_rules/hacktool_pplblade_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_hacktool_pplblade_strings.yar
rename to yara_rules/hacktool_pplblade_strings.yar
index 9adc9de..06ffc62 100644
--- a/yara_rules/sekoiaio_hacktool_pplblade_strings.yar
+++ b/yara_rules/hacktool_pplblade_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_pplblade_strings {
+rule hacktool_pplblade_strings {
 meta:
 id = "1a443621-fc95-4a70-873e-c1389943d4ab"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_rubeus_strings.yar b/yara_rules/hacktool_rubeus_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_hacktool_rubeus_strings.yar
rename to yara_rules/hacktool_rubeus_strings.yar
index 4af70d1..e8908f2 100644
--- a/yara_rules/sekoiaio_hacktool_rubeus_strings.yar
+++ b/yara_rules/hacktool_rubeus_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_hacktool_rubeus_strings {
+rule hacktool_rubeus_strings {
 meta:
 id = "048cab99-c288-44c2-9dc6-74eed02ef8f5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_hacktool_sharpview_strings.yar b/yara_rules/hacktool_sharpview_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_hacktool_sharpview_strings.yar
rename to yara_rules/hacktool_sharpview_strings.yar
index 90e266e..e7adbfc 100644
--- a/yara_rules/sekoiaio_hacktool_sharpview_strings.yar
+++ b/yara_rules/hacktool_sharpview_strings.yar
@@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_sharpview_strings { +rule hacktool_sharpview_strings { meta: id = "585ead98-36d0-402c-b527-4dec308cb1c9" version = "1.0" diff --git a/yara_rules/sekoiaio_hacktool_socat_strings.yar b/yara_rules/hacktool_socat_strings.yar similarity index 92% rename from yara_rules/sekoiaio_hacktool_socat_strings.yar rename to yara_rules/hacktool_socat_strings.yar index 2ae2604..80547ae 100644 --- a/yara_rules/sekoiaio_hacktool_socat_strings.yar +++ b/yara_rules/hacktool_socat_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_socat_strings { +rule hacktool_socat_strings { meta: id = "7c7e4085-39b2-445e-a9ff-52f21936e714" version = "1.0" diff --git a/yara_rules/sekoiaio_hacktool_stowaway_strings.yar b/yara_rules/hacktool_stowaway_strings.yar similarity index 94% rename from yara_rules/sekoiaio_hacktool_stowaway_strings.yar rename to yara_rules/hacktool_stowaway_strings.yar index 4360438..f4667df 100644 --- a/yara_rules/sekoiaio_hacktool_stowaway_strings.yar +++ b/yara_rules/hacktool_stowaway_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_stowaway_strings { +rule hacktool_stowaway_strings { meta: id = "a952b45a-269b-4075-bf72-16d6d863e97c" version = "1.0" diff --git a/yara_rules/sekoiaio_hacktool_win_cookiekatz.yar b/yara_rules/hacktool_win_cookiekatz.yar similarity index 97% rename from yara_rules/sekoiaio_hacktool_win_cookiekatz.yar rename to yara_rules/hacktool_win_cookiekatz.yar index 3822809..432b9f2 100644 --- a/yara_rules/sekoiaio_hacktool_win_cookiekatz.yar +++ b/yara_rules/hacktool_win_cookiekatz.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_win_cookiekatz { +rule hacktool_win_cookiekatz { meta: id = "a32769bb-4ec4-46c7-9402-21afdf8d4293" version = "1.0" diff --git a/yara_rules/sekoiaio_hacktool_win_gmer.yar b/yara_rules/hacktool_win_gmer.yar similarity index 95% rename from yara_rules/sekoiaio_hacktool_win_gmer.yar rename to yara_rules/hacktool_win_gmer.yar index 1ba5fb7..d25ba56 100644 
--- a/yara_rules/sekoiaio_hacktool_win_gmer.yar +++ b/yara_rules/hacktool_win_gmer.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_hacktool_win_gmer { +rule hacktool_win_gmer { meta: version = "1.0" description = "Dtect the GMER hacktool based string and UPX usage" diff --git a/yara_rules/sekoiaio_hacktool_win_powertool.yar b/yara_rules/hacktool_win_powertool.yar similarity index 95% rename from yara_rules/sekoiaio_hacktool_win_powertool.yar rename to yara_rules/hacktool_win_powertool.yar index 3f944f4..350aa9b 100644 --- a/yara_rules/sekoiaio_hacktool_win_powertool.yar +++ b/yara_rules/hacktool_win_powertool.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_win_powertool { +rule hacktool_win_powertool { meta: version = "1.0" description = "Detect PowerTool based on strings" diff --git a/yara_rules/sekoiaio_hacktool_win_processhacker.yar b/yara_rules/hacktool_win_processhacker.yar similarity index 92% rename from yara_rules/sekoiaio_hacktool_win_processhacker.yar rename to yara_rules/hacktool_win_processhacker.yar index 649132c..a987b49 100644 --- a/yara_rules/sekoiaio_hacktool_win_processhacker.yar +++ b/yara_rules/hacktool_win_processhacker.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_win_processhacker { +rule hacktool_win_processhacker { meta: version = "1.0" description = "Detect ProcessHacker hacktool" diff --git a/yara_rules/sekoiaio_hacktool_win_uknowseckeylogger.yar b/yara_rules/hacktool_win_uknowseckeylogger.yar similarity index 93% rename from yara_rules/sekoiaio_hacktool_win_uknowseckeylogger.yar rename to yara_rules/hacktool_win_uknowseckeylogger.yar index d1ee68b..1317348 100644 --- a/yara_rules/sekoiaio_hacktool_win_uknowseckeylogger.yar +++ b/yara_rules/hacktool_win_uknowseckeylogger.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hacktool_win_uknowseckeylogger { +rule hacktool_win_uknowseckeylogger { meta: version = "1.0" description = "Detect the uknowsec keylogger based on strings" 
diff --git a/yara_rules/sekoiaio_hafnium_tarrask_malware.yar b/yara_rules/hafnium_tarrask_malware.yar similarity index 91% rename from yara_rules/sekoiaio_hafnium_tarrask_malware.yar rename to yara_rules/hafnium_tarrask_malware.yar index 7cada34..4db8c14 100644 --- a/yara_rules/sekoiaio_hafnium_tarrask_malware.yar +++ b/yara_rules/hafnium_tarrask_malware.yar @@ -1,4 +1,4 @@ -rule sekoiaio_hafnium_tarrask_malware { +rule hafnium_tarrask_malware { meta: id = "6f1728d6-dc9b-4ea7-8656-2b069ee269a0" version = "1.0" diff --git a/yara_rules/sekoiaio_icebot_exported_function.yar b/yara_rules/icebot_exported_function.yar similarity index 99% rename from yara_rules/sekoiaio_icebot_exported_function.yar rename to yara_rules/icebot_exported_function.yar index 659ee1c..2b0c5b8 100644 --- a/yara_rules/sekoiaio_icebot_exported_function.yar +++ b/yara_rules/icebot_exported_function.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_icebot_exported_function { +rule icebot_exported_function { meta: id = "1a1fb651-6ce3-4751-be23-c27a3d8dabde" version = "1.0" diff --git a/yara_rules/sekoiaio_icedid_chm_ttp.yar b/yara_rules/icedid_chm_ttp.yar similarity index 95% rename from yara_rules/sekoiaio_icedid_chm_ttp.yar rename to yara_rules/icedid_chm_ttp.yar index 16e60ba..d6aad80 100644 --- a/yara_rules/sekoiaio_icedid_chm_ttp.yar +++ b/yara_rules/icedid_chm_ttp.yar @@ -1,6 +1,6 @@ import "magic" -rule sekoiaio_icedid_chm_ttp { +rule icedid_chm_ttp { meta: id = "cae771d4-a9cf-4325-81b3-c00090cbc05e" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_any_sliver.yar b/yara_rules/implant_any_sliver.yar similarity index 95% rename from yara_rules/sekoiaio_implant_any_sliver.yar rename to yara_rules/implant_any_sliver.yar index 52dda84..bc501cf 100644 --- a/yara_rules/sekoiaio_implant_any_sliver.yar +++ b/yara_rules/implant_any_sliver.yar 
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_any_sliver {
+rule implant_any_sliver {
 meta:
 id = "4b16f28a-2048-4044-8620-8e7a1651f2b1"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_implant_any_sliver_not_stripped.yar b/yara_rules/implant_any_sliver_not_stripped.yar
similarity index 93%
rename from yara_rules/sekoiaio_implant_any_sliver_not_stripped.yar
rename to yara_rules/implant_any_sliver_not_stripped.yar
index fc27c57..c9e238a 100644
--- a/yara_rules/sekoiaio_implant_any_sliver_not_stripped.yar
+++ b/yara_rules/implant_any_sliver_not_stripped.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_any_sliver_not_stripped {
+rule implant_any_sliver_not_stripped {
 meta:
 id = "35543c7c-c39b-4f96-b37c-1d27736e40fc"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_implant_lin_geacon.yar b/yara_rules/implant_lin_geacon.yar
similarity index 97%
rename from yara_rules/sekoiaio_implant_lin_geacon.yar
rename to yara_rules/implant_lin_geacon.yar
index 54d4c70..81941a3 100644
--- a/yara_rules/sekoiaio_implant_lin_geacon.yar
+++ b/yara_rules/implant_lin_geacon.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_lin_geacon {
+rule implant_lin_geacon {
 meta:
 id = "ad71522e-270b-47d0-9c01-081f05a2b72a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_implant_lin_lightning.yar b/yara_rules/implant_lin_lightning.yar
similarity index 95%
rename from yara_rules/sekoiaio_implant_lin_lightning.yar
rename to yara_rules/implant_lin_lightning.yar
index 7b72488..d43c48a 100644
--- a/yara_rules/sekoiaio_implant_lin_lightning.yar
+++ b/yara_rules/implant_lin_lightning.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_lin_lightning {
+rule implant_lin_lightning {
 meta:
 id = "56f53e89-3b63-4ce7-a3c8-da0ba37246f1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_implant_mac_rustbucket.yar b/yara_rules/implant_mac_rustbucket.yar
similarity index 94%
rename from yara_rules/sekoiaio_implant_mac_rustbucket.yar
rename to yara_rules/implant_mac_rustbucket.yar
index 6ffb0d3..a7184c3 100644
--- a/yara_rules/sekoiaio_implant_mac_rustbucket.yar
+++ b/yara_rules/implant_mac_rustbucket.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_mac_rustbucket {
+rule implant_mac_rustbucket {
 meta:
 id = "fcbb745d-7f56-4c51-9db5-427da22a0c68"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_implant_mac_smoothoperator_update_agent.yar b/yara_rules/implant_mac_smoothoperator_update_agent.yar
similarity index 90%
rename from yara_rules/sekoiaio_implant_mac_smoothoperator_update_agent.yar
rename to yara_rules/implant_mac_smoothoperator_update_agent.yar
index a11f538..1e4f9d2 100644
--- a/yara_rules/sekoiaio_implant_mac_smoothoperator_update_agent.yar
+++ b/yara_rules/implant_mac_smoothoperator_update_agent.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_mac_smoothoperator_update_agent {
+rule implant_mac_smoothoperator_update_agent {
 meta:
 id = "45a1d0d9-083b-4b4a-b53c-e5d86f804f01"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_implant_macos_geacon.yar b/yara_rules/implant_macos_geacon.yar
similarity index 97%
rename from yara_rules/sekoiaio_implant_macos_geacon.yar
rename to yara_rules/implant_macos_geacon.yar
index f3ff72a..1e68d87 100644
--- a/yara_rules/sekoiaio_implant_macos_geacon.yar
+++ b/yara_rules/implant_macos_geacon.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_macos_geacon {
+rule implant_macos_geacon {
 meta:
 id = "a7784bfa-66a7-47df-b88b-d98217d8cca5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_implant_mul_alchimist.yar b/yara_rules/implant_mul_alchimist.yar
similarity index 95%
rename from yara_rules/sekoiaio_implant_mul_alchimist.yar
rename to yara_rules/implant_mul_alchimist.yar
index 28e865b..23f5946 100644
--- a/yara_rules/sekoiaio_implant_mul_alchimist.yar
+++ b/yara_rules/implant_mul_alchimist.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_implant_mul_alchimist {
+rule implant_mul_alchimist {
 meta:
 version = "1.0"
 description = "Detect the Alchimist implant based on strings"
diff --git a/yara_rules/sekoiaio_implant_win_apt29_2022_10.yar b/yara_rules/implant_win_apt29_2022_10.yar similarity index 94% rename from yara_rules/sekoiaio_implant_win_apt29_2022_10.yar rename to yara_rules/implant_win_apt29_2022_10.yar index 61e7ccc..d2684b1 100644 --- a/yara_rules/sekoiaio_implant_win_apt29_2022_10.yar +++ b/yara_rules/implant_win_apt29_2022_10.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_apt29_2022_10 { +rule implant_win_apt29_2022_10 { meta: id = "0f270e75-f687-4fdc-a980-fde81107a4d6" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_flagpro.yar b/yara_rules/implant_win_flagpro.yar similarity index 97% rename from yara_rules/sekoiaio_implant_win_flagpro.yar rename to yara_rules/implant_win_flagpro.yar index c9c14ba..3099dc6 100644 --- a/yara_rules/sekoiaio_implant_win_flagpro.yar +++ b/yara_rules/implant_win_flagpro.yar @@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_flagpro { +rule implant_win_flagpro { meta: id = "08dd2de4-b359-424f-af04-7f294d519363" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_geacon.yar b/yara_rules/implant_win_geacon.yar similarity index 97% rename from yara_rules/sekoiaio_implant_win_geacon.yar rename to yara_rules/implant_win_geacon.yar index 6ebd042..2602689 100644 --- a/yara_rules/sekoiaio_implant_win_geacon.yar +++ b/yara_rules/implant_win_geacon.yar @@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_geacon { +rule implant_win_geacon { meta: id = "064eabe0-aee5-4e5e-9f5e-69b32b1ba0da" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_graphiron_downloader.yar b/yara_rules/implant_win_graphiron_downloader.yar similarity index 94% rename from yara_rules/sekoiaio_implant_win_graphiron_downloader.yar rename to yara_rules/implant_win_graphiron_downloader.yar index c845416..f9f248d 100644 --- a/yara_rules/sekoiaio_implant_win_graphiron_downloader.yar +++ b/yara_rules/implant_win_graphiron_downloader.yar 
@@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_graphiron_downloader { +rule implant_win_graphiron_downloader { meta: id = "c50c4bd2-3828-43bf-b45c-8e911c298536" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_havoc_default_strings.yar b/yara_rules/implant_win_havoc_default_strings.yar similarity index 94% rename from yara_rules/sekoiaio_implant_win_havoc_default_strings.yar rename to yara_rules/implant_win_havoc_default_strings.yar index fe47c29..ea11f41 100644 --- a/yara_rules/sekoiaio_implant_win_havoc_default_strings.yar +++ b/yara_rules/implant_win_havoc_default_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_havoc_default_strings { +rule implant_win_havoc_default_strings { meta: version = "1.0" author = "Sekoia.io" diff --git a/yara_rules/sekoiaio_implant_win_incontroller.yar b/yara_rules/implant_win_incontroller.yar similarity index 98% rename from yara_rules/sekoiaio_implant_win_incontroller.yar rename to yara_rules/implant_win_incontroller.yar index a732cfa..3f9b4d6 100644 --- a/yara_rules/sekoiaio_implant_win_incontroller.yar +++ b/yara_rules/implant_win_incontroller.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_incontroller { +rule implant_win_incontroller { meta: id = "c346c6ea-c5c0-4e9f-a632-1e8ed0286fbc" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_knotweed_jumplump.yar b/yara_rules/implant_win_knotweed_jumplump.yar similarity index 98% rename from yara_rules/sekoiaio_implant_win_knotweed_jumplump.yar rename to yara_rules/implant_win_knotweed_jumplump.yar index f401365..553ae11 100644 --- a/yara_rules/sekoiaio_implant_win_knotweed_jumplump.yar +++ b/yara_rules/implant_win_knotweed_jumplump.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_implant_win_knotweed_jumplump { +rule implant_win_knotweed_jumplump { meta: id = "8f8cec7a-624b-4306-87f4-bde8ccc3a2d0" version = "1.0" 
diff --git a/yara_rules/sekoiaio_implant_win_lyceum.yar b/yara_rules/implant_win_lyceum.yar similarity index 96% rename from yara_rules/sekoiaio_implant_win_lyceum.yar rename to yara_rules/implant_win_lyceum.yar index 9d82143..c56ca8c 100644 --- a/yara_rules/sekoiaio_implant_win_lyceum.yar +++ b/yara_rules/implant_win_lyceum.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_lyceum { +rule implant_win_lyceum { meta: id = "e061562f-9c17-4ef4-b7f9-2c6708bb6570" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_magicrat.yar b/yara_rules/implant_win_magicrat.yar similarity index 96% rename from yara_rules/sekoiaio_implant_win_magicrat.yar rename to yara_rules/implant_win_magicrat.yar index c3c0ebb..c4b63e1 100644 --- a/yara_rules/sekoiaio_implant_win_magicrat.yar +++ b/yara_rules/implant_win_magicrat.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_magicrat { +rule implant_win_magicrat { meta: id = "74973682-b214-48ee-98c3-f4b6bef76587" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_mysterysnail.yar b/yara_rules/implant_win_mysterysnail.yar similarity index 97% rename from yara_rules/sekoiaio_implant_win_mysterysnail.yar rename to yara_rules/implant_win_mysterysnail.yar index 9477eee..7da5e8b 100644 --- a/yara_rules/sekoiaio_implant_win_mysterysnail.yar +++ b/yara_rules/implant_win_mysterysnail.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_implant_win_mysterysnail { +rule implant_win_mysterysnail { meta: id = "dfd2eba8-eb9c-411a-b5e0-663593453e3d" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_pingpull.yar b/yara_rules/implant_win_pingpull.yar similarity index 93% rename from yara_rules/sekoiaio_implant_win_pingpull.yar rename to yara_rules/implant_win_pingpull.yar index 8979e6c..5ff192b 100644 --- a/yara_rules/sekoiaio_implant_win_pingpull.yar +++ b/yara_rules/implant_win_pingpull.yar 
@@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_pingpull { +rule implant_win_pingpull { meta: id = "521615d4-912b-4581-b5a9-a8b158ac9496" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_quantum_builder_lnk.yar b/yara_rules/implant_win_quantum_builder_lnk.yar similarity index 96% rename from yara_rules/sekoiaio_implant_win_quantum_builder_lnk.yar rename to yara_rules/implant_win_quantum_builder_lnk.yar index c54aaf3..eb18bac 100644 --- a/yara_rules/sekoiaio_implant_win_quantum_builder_lnk.yar +++ b/yara_rules/implant_win_quantum_builder_lnk.yar @@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_quantum_builder_lnk { +rule implant_win_quantum_builder_lnk { meta: id = "65f8a426-8bf3-4f7f-b7d2-fd8da5b660f7" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_quasarrat.yar b/yara_rules/implant_win_quasarrat.yar similarity index 96% rename from yara_rules/sekoiaio_implant_win_quasarrat.yar rename to yara_rules/implant_win_quasarrat.yar index 169f1a5..ca30238 100644 --- a/yara_rules/sekoiaio_implant_win_quasarrat.yar +++ b/yara_rules/implant_win_quasarrat.yar @@ -1,4 +1,4 @@ -rule sekoiaio_implant_win_quasarrat { +rule implant_win_quasarrat { meta: id = "492fdffc-8e5f-4225-a2eb-cd6d80e6bcb8" version = "1.0" diff --git a/yara_rules/sekoiaio_implant_win_sliver_dll.yar b/yara_rules/implant_win_sliver_dll.yar similarity index 95% rename from yara_rules/sekoiaio_implant_win_sliver_dll.yar rename to yara_rules/implant_win_sliver_dll.yar index 330cdd9..747b0c8 100644 --- a/yara_rules/sekoiaio_implant_win_sliver_dll.yar +++ b/yara_rules/implant_win_sliver_dll.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_implant_win_sliver_dll { +rule implant_win_sliver_dll { meta: id = "41d83011-a08b-4245-b633-79fe6afaa4d2" author = "Sekoia.io" 
diff --git a/yara_rules/sekoiaio_in2al5d_p3in4er_loader.yar b/yara_rules/in2al5d_p3in4er_loader.yar similarity index 92% rename from yara_rules/sekoiaio_in2al5d_p3in4er_loader.yar rename to yara_rules/in2al5d_p3in4er_loader.yar index 91ba4a2..57c8bc4 100644 --- a/yara_rules/sekoiaio_in2al5d_p3in4er_loader.yar +++ b/yara_rules/in2al5d_p3in4er_loader.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_in2al5d_p3in4er_loader { +rule in2al5d_p3in4er_loader { meta: id = "6dd3046d-55fb-4bcc-8735-dbc0add4d570" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_mac_realst.yar b/yara_rules/infostealer_mac_realst.yar similarity index 97% rename from yara_rules/sekoiaio_infostealer_mac_realst.yar rename to yara_rules/infostealer_mac_realst.yar index b0ed7df..e8f4663 100644 --- a/yara_rules/sekoiaio_infostealer_mac_realst.yar +++ b/yara_rules/infostealer_mac_realst.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_mac_realst { +rule infostealer_mac_realst { meta: id = "16a89317-c92d-4e13-94d3-a85a915f52e5" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_44caliber.yar b/yara_rules/infostealer_win_44caliber.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_44caliber.yar rename to yara_rules/infostealer_win_44caliber.yar index f228aec..6d4e7b9 100644 --- a/yara_rules/sekoiaio_infostealer_win_44caliber.yar +++ b/yara_rules/infostealer_win_44caliber.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_44caliber { +rule infostealer_win_44caliber { meta: id = "44e5bbc1-f442-47d3-8431-25182f38439d" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_acridrain_mar23.yar b/yara_rules/infostealer_win_acridrain_mar23.yar similarity index 97% rename from yara_rules/sekoiaio_infostealer_win_acridrain_mar23.yar rename to yara_rules/infostealer_win_acridrain_mar23.yar index eec5586..067c377 100644 --- a/yara_rules/sekoiaio_infostealer_win_acridrain_mar23.yar +++ b/yara_rules/infostealer_win_acridrain_mar23.yar 
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_acridrain_mar23 {
+rule infostealer_win_acridrain_mar23 {
 meta:
 id = "049b502a-0fb6-4fa9-a1ce-f01a40269bdb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_acrstealer_str.yar b/yara_rules/infostealer_win_acrstealer_str.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_acrstealer_str.yar
rename to yara_rules/infostealer_win_acrstealer_str.yar
index 476062a..3f6df98 100644
--- a/yara_rules/sekoiaio_infostealer_win_acrstealer_str.yar
+++ b/yara_rules/infostealer_win_acrstealer_str.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_acrstealer_str {
+rule infostealer_win_acrstealer_str {
 meta:
 id = "63b4d6ff-0cab-44ec-9d53-bb2612371a48"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_agrat.yar b/yara_rules/infostealer_win_agrat.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_agrat.yar
rename to yara_rules/infostealer_win_agrat.yar
index f358722..b5fe247 100644
--- a/yara_rules/sekoiaio_infostealer_win_agrat.yar
+++ b/yara_rules/infostealer_win_agrat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_agrat {
+rule infostealer_win_agrat {
 meta:
 id = "472effe8-5044-4ca1-88e0-3e19d445b9d1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_aurora.yar b/yara_rules/infostealer_win_aurora.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_aurora.yar
rename to yara_rules/infostealer_win_aurora.yar
index 6dea724..1520500 100644
--- a/yara_rules/sekoiaio_infostealer_win_aurora.yar
+++ b/yara_rules/infostealer_win_aurora.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_aurora {
+rule infostealer_win_aurora {
 meta:
 version = "1.0"
 description = "Finds Aurora samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_aurora_str.yar b/yara_rules/infostealer_win_aurora_str.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_aurora_str.yar rename to yara_rules/infostealer_win_aurora_str.yar index 54c3a60..c53bf00 100644 --- a/yara_rules/sekoiaio_infostealer_win_aurora_str.yar +++ b/yara_rules/infostealer_win_aurora_str.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_infostealer_win_aurora_str { +rule infostealer_win_aurora_str { meta: version = "1.0" description = "Finds Aurora botnet samples based on characteristic strings." diff --git a/yara_rules/sekoiaio_infostealer_win_banditstealer.yar b/yara_rules/infostealer_win_banditstealer.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_banditstealer.yar rename to yara_rules/infostealer_win_banditstealer.yar index 802bec4..8f3d5c2 100644 --- a/yara_rules/sekoiaio_infostealer_win_banditstealer.yar +++ b/yara_rules/infostealer_win_banditstealer.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_banditstealer { +rule infostealer_win_banditstealer { meta: id = "d1e45a5c-c06d-4161-8d30-fa94bcf0ea7a" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_bebra.yar b/yara_rules/infostealer_win_bebra.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_bebra.yar rename to yara_rules/infostealer_win_bebra.yar index 33e8c2b..0b7c550 100644 --- a/yara_rules/sekoiaio_infostealer_win_bebra.yar +++ b/yara_rules/infostealer_win_bebra.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_bebra { +rule infostealer_win_bebra { meta: id = "e84d04a7-1232-47e5-b797-ac8e56066796" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_blackcap.yar b/yara_rules/infostealer_win_blackcap.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_blackcap.yar rename to yara_rules/infostealer_win_blackcap.yar index cc531fb..38b4321 100644 --- a/yara_rules/sekoiaio_infostealer_win_blackcap.yar 
+++ b/yara_rules/infostealer_win_blackcap.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_blackcap {
+rule infostealer_win_blackcap {
 meta:
 id = "1aa1fadb-3413-46e2-b733-1ad2134f7be2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_blackguard_mar23.yar b/yara_rules/infostealer_win_blackguard_mar23.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_blackguard_mar23.yar
rename to yara_rules/infostealer_win_blackguard_mar23.yar
index 8d8aab0..e1f4772 100644
--- a/yara_rules/sekoiaio_infostealer_win_blackguard_mar23.yar
+++ b/yara_rules/infostealer_win_blackguard_mar23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_blackguard_mar23 {
+rule infostealer_win_blackguard_mar23 {
 meta:
 id = "65804d31-2a0c-4b22-a8d9-8cbe1497f155"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_blustealer.yar b/yara_rules/infostealer_win_blustealer.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_blustealer.yar
rename to yara_rules/infostealer_win_blustealer.yar
index c83e20c..15f2b0b 100644
--- a/yara_rules/sekoiaio_infostealer_win_blustealer.yar
+++ b/yara_rules/infostealer_win_blustealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_blustealer {
+rule infostealer_win_blustealer {
 meta:
 version = "1.0"
 description = "Detect the BluStealer infostealer based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_cinoshistealer.yar b/yara_rules/infostealer_win_cinoshistealer.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_cinoshistealer.yar
rename to yara_rules/infostealer_win_cinoshistealer.yar
index 95198e8..fe8367d 100644
--- a/yara_rules/sekoiaio_infostealer_win_cinoshistealer.yar
+++ b/yara_rules/infostealer_win_cinoshistealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_cinoshistealer {
+rule infostealer_win_cinoshistealer {
 meta:
 id = "2e9c066b-d5e3-4a25-8954-c10af285bcd3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_daolpu_str.yar b/yara_rules/infostealer_win_daolpu_str.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_daolpu_str.yar
rename to yara_rules/infostealer_win_daolpu_str.yar
index cf6528d..211264f 100644
--- a/yara_rules/sekoiaio_infostealer_win_daolpu_str.yar
+++ b/yara_rules/infostealer_win_daolpu_str.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_daolpu_str {
+rule infostealer_win_daolpu_str {
 meta:
 id = "dde1cf12-48d8-45b6-b453-b7196e6b1271"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_doenerium_str.yar b/yara_rules/infostealer_win_doenerium_str.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_doenerium_str.yar
rename to yara_rules/infostealer_win_doenerium_str.yar
index bf3263a..ea43c0a 100644
--- a/yara_rules/sekoiaio_infostealer_win_doenerium_str.yar
+++ b/yara_rules/infostealer_win_doenerium_str.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_doenerium_str {
+rule infostealer_win_doenerium_str {
 meta:
 id = "1645a86f-1063-4e98-a1fa-85fc8c4e9691"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_ducklogs.yar b/yara_rules/infostealer_win_ducklogs.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_ducklogs.yar
rename to yara_rules/infostealer_win_ducklogs.yar
index aabafed..181af88 100644
--- a/yara_rules/sekoiaio_infostealer_win_ducklogs.yar
+++ b/yara_rules/infostealer_win_ducklogs.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_ducklogs {
+rule infostealer_win_ducklogs {
 meta:
 version = "1.0"
 description = "Detects DuckLogs based on specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_edgeguard.yar b/yara_rules/infostealer_win_edgeguard.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_edgeguard.yar
rename to yara_rules/infostealer_win_edgeguard.yar
index 19b9960..ff19355 100644
--- a/yara_rules/sekoiaio_infostealer_win_edgeguard.yar
+++ b/yara_rules/infostealer_win_edgeguard.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_edgeguard {
+rule infostealer_win_edgeguard {
 meta:
 id = "bbdb362f-d235-48f8-8fa5-d340d4e3e3f0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_enigma_initial_loader.yar b/yara_rules/infostealer_win_enigma_initial_loader.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_enigma_initial_loader.yar
rename to yara_rules/infostealer_win_enigma_initial_loader.yar
index dcc9e1d..f1f3c6e 100644
--- a/yara_rules/sekoiaio_infostealer_win_enigma_initial_loader.yar
+++ b/yara_rules/infostealer_win_enigma_initial_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_enigma_initial_loader {
+rule infostealer_win_enigma_initial_loader {
 meta:
 id = "664fe8de-b406-4d63-9a4b-1c350b444f00"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_enigma_loader_module.yar b/yara_rules/infostealer_win_enigma_loader_module.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_enigma_loader_module.yar
rename to yara_rules/infostealer_win_enigma_loader_module.yar
index 61d132c..957172b 100644
--- a/yara_rules/sekoiaio_infostealer_win_enigma_loader_module.yar
+++ b/yara_rules/infostealer_win_enigma_loader_module.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_enigma_loader_module {
+rule infostealer_win_enigma_loader_module {
 meta:
 id = "664fe8de-b406-4d63-9a4b-1c350b444f01"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_enigma_stealer_module.yar b/yara_rules/infostealer_win_enigma_stealer_module.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_enigma_stealer_module.yar
rename to yara_rules/infostealer_win_enigma_stealer_module.yar
index eceecff..e433642 100644
--- a/yara_rules/sekoiaio_infostealer_win_enigma_stealer_module.yar
+++ b/yara_rules/infostealer_win_enigma_stealer_module.yar
@@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_enigma_stealer_module { +rule infostealer_win_enigma_stealer_module { meta: id = "664fe8de-b406-4d63-9a4b-1c350b444f02" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_eternity.yar b/yara_rules/infostealer_win_eternity.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_eternity.yar rename to yara_rules/infostealer_win_eternity.yar index adcffa0..85a4d84 100644 --- a/yara_rules/sekoiaio_infostealer_win_eternity.yar +++ b/yara_rules/infostealer_win_eternity.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_infostealer_win_eternity { +rule infostealer_win_eternity { meta: id = "0ed8d4bd-d57f-40a8-a709-d69531d59847" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_fwit_strings.yar b/yara_rules/infostealer_win_fwit_strings.yar similarity index 90% rename from yara_rules/sekoiaio_infostealer_win_fwit_strings.yar rename to yara_rules/infostealer_win_fwit_strings.yar index 9970217..322a8a1 100644 --- a/yara_rules/sekoiaio_infostealer_win_fwit_strings.yar +++ b/yara_rules/infostealer_win_fwit_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_fwit_strings { +rule infostealer_win_fwit_strings { meta: id = "332e89ad-d1fe-4da6-9354-0978ef173e78" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_ginzostealer_str.yar b/yara_rules/infostealer_win_ginzostealer_str.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_ginzostealer_str.yar rename to yara_rules/infostealer_win_ginzostealer_str.yar index 39221c1..f1dcf29 100644 --- a/yara_rules/sekoiaio_infostealer_win_ginzostealer_str.yar +++ b/yara_rules/infostealer_win_ginzostealer_str.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_ginzostealer_str { +rule infostealer_win_ginzostealer_str { meta: id = "ef87e94b-9c53-44b4-b8a1-87d371a6d2cb" version = "1.0" 
diff --git a/yara_rules/sekoiaio_infostealer_win_gomorrah.yar b/yara_rules/infostealer_win_gomorrah.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_gomorrah.yar rename to yara_rules/infostealer_win_gomorrah.yar index 20f2c6e..fd36f54 100644 --- a/yara_rules/sekoiaio_infostealer_win_gomorrah.yar +++ b/yara_rules/infostealer_win_gomorrah.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_gomorrah { +rule infostealer_win_gomorrah { meta: id = "df8f06ba-6c93-4ce3-9857-ced93753f917" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_grmsk_strings.yar b/yara_rules/infostealer_win_grmsk_strings.yar similarity index 95% rename from yara_rules/sekoiaio_infostealer_win_grmsk_strings.yar rename to yara_rules/infostealer_win_grmsk_strings.yar index a7b16c2..5a5b23e 100644 --- a/yara_rules/sekoiaio_infostealer_win_grmsk_strings.yar +++ b/yara_rules/infostealer_win_grmsk_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_grmsk_strings { +rule infostealer_win_grmsk_strings { meta: version = "1.0" description = "Finds GrMsk samples based on the specific strings" diff --git a/yara_rules/sekoiaio_infostealer_win_irontiger_chrome_stealer.yar b/yara_rules/infostealer_win_irontiger_chrome_stealer.yar similarity index 94% rename from yara_rules/sekoiaio_infostealer_win_irontiger_chrome_stealer.yar rename to yara_rules/infostealer_win_irontiger_chrome_stealer.yar index e163858..66d5b91 100644 --- a/yara_rules/sekoiaio_infostealer_win_irontiger_chrome_stealer.yar +++ b/yara_rules/infostealer_win_irontiger_chrome_stealer.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_infostealer_win_irontiger_chrome_stealer { +rule infostealer_win_irontiger_chrome_stealer { meta: id = "8c5c3ed0-e1ea-4079-b330-ace8724bff2a" version = "1.0" 
diff --git a/yara_rules/sekoiaio_infostealer_win_leaf.yar b/yara_rules/infostealer_win_leaf.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_leaf.yar
rename to yara_rules/infostealer_win_leaf.yar
index 098ac07..06c9987 100644
--- a/yara_rules/sekoiaio_infostealer_win_leaf.yar
+++ b/yara_rules/infostealer_win_leaf.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_leaf {
+rule infostealer_win_leaf {
 meta:
 id = "17d8e384-1092-4f27-b4f7-c0c0f7efcaa3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_lighting.yar b/yara_rules/infostealer_win_lighting.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_lighting.yar
rename to yara_rules/infostealer_win_lighting.yar
index f3fe605..34d398b 100644
--- a/yara_rules/sekoiaio_infostealer_win_lighting.yar
+++ b/yara_rules/infostealer_win_lighting.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_lighting {
+rule infostealer_win_lighting {
 meta:
 id = "3c160c16-f417-4fa2-aa44-fb7b981fb2b3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_lumma_strings_aug23.yar b/yara_rules/infostealer_win_lumma_strings_aug23.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_lumma_strings_aug23.yar
rename to yara_rules/infostealer_win_lumma_strings_aug23.yar
index d082fa3..695fd5a 100644
--- a/yara_rules/sekoiaio_infostealer_win_lumma_strings_aug23.yar
+++ b/yara_rules/infostealer_win_lumma_strings_aug23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_lumma_strings_aug23 {
+rule infostealer_win_lumma_strings_aug23 {
 meta:
 version = "1.0"
 description = "Finds Lumma samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_lumma_strings_sept23.yar b/yara_rules/infostealer_win_lumma_strings_sept23.yar
similarity index 93%
rename from yara_rules/sekoiaio_infostealer_win_lumma_strings_sept23.yar
rename to yara_rules/infostealer_win_lumma_strings_sept23.yar
index e0218d2..fc37eb4 100644
--- a/yara_rules/sekoiaio_infostealer_win_lumma_strings_sept23.yar +++ b/yara_rules/infostealer_win_lumma_strings_sept23.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_lumma_strings_sept23 { +rule infostealer_win_lumma_strings_sept23 { meta: version = "1.0" description = "Finds Lumma samples based on the specific strings" diff --git a/yara_rules/sekoiaio_infostealer_win_mars_stealer.yar b/yara_rules/infostealer_win_mars_stealer.yar similarity index 97% rename from yara_rules/sekoiaio_infostealer_win_mars_stealer.yar rename to yara_rules/infostealer_win_mars_stealer.yar index ef55cc1..82d287e 100644 --- a/yara_rules/sekoiaio_infostealer_win_mars_stealer.yar +++ b/yara_rules/infostealer_win_mars_stealer.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_infostealer_win_mars_stealer { +rule infostealer_win_mars_stealer { meta: id = "3e2c7440b2fc9e4b039e6fa8152ac8fd" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_mars_stealer_variant_llcppc1.yar b/yara_rules/infostealer_win_mars_stealer_variant_llcppc1.yar similarity index 88% rename from yara_rules/sekoiaio_infostealer_win_mars_stealer_variant_llcppc1.yar rename to yara_rules/infostealer_win_mars_stealer_variant_llcppc1.yar index c22bc43..fbb323b 100644 --- a/yara_rules/sekoiaio_infostealer_win_mars_stealer_variant_llcppc1.yar +++ b/yara_rules/infostealer_win_mars_stealer_variant_llcppc1.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_mars_stealer_variant_llcppc1 { +rule infostealer_win_mars_stealer_variant_llcppc1 { meta: id = "3e2c7440b2fc9e4b039e6fa8152ac8fe" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_mars_stealer_xor_routine.yar b/yara_rules/infostealer_win_mars_stealer_xor_routine.yar similarity index 90% rename from yara_rules/sekoiaio_infostealer_win_mars_stealer_xor_routine.yar rename to yara_rules/infostealer_win_mars_stealer_xor_routine.yar index e5f9a2c..05e70e0 100644 --- a/yara_rules/sekoiaio_infostealer_win_mars_stealer_xor_routine.yar 
+++ b/yara_rules/infostealer_win_mars_stealer_xor_routine.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_mars_stealer_xor_routine { +rule infostealer_win_mars_stealer_xor_routine { meta: id = "3e2c7440b2fc9e4b039e6fa8152ac8ff" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_meduzastealer.yar b/yara_rules/infostealer_win_meduzastealer.yar similarity index 94% rename from yara_rules/sekoiaio_infostealer_win_meduzastealer.yar rename to yara_rules/infostealer_win_meduzastealer.yar index 66a2bf5..1386429 100644 --- a/yara_rules/sekoiaio_infostealer_win_meduzastealer.yar +++ b/yara_rules/infostealer_win_meduzastealer.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_meduzastealer { +rule infostealer_win_meduzastealer { meta: id = "1276f485-aa5d-491b-89d8-77f98dc496e1" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_metastealer_strings.yar b/yara_rules/infostealer_win_metastealer_strings.yar similarity index 90% rename from yara_rules/sekoiaio_infostealer_win_metastealer_strings.yar rename to yara_rules/infostealer_win_metastealer_strings.yar index 4c4218d..0315340 100644 --- a/yara_rules/sekoiaio_infostealer_win_metastealer_strings.yar +++ b/yara_rules/infostealer_win_metastealer_strings.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_infostealer_win_metastealer_strings { +rule infostealer_win_metastealer_strings { meta: id = "1f4b6f0b-706e-48b0-889d-01c1b7f92776" version = "1.0" diff --git a/yara_rules/sekoiaio_infostealer_win_monster_stub.yar b/yara_rules/infostealer_win_monster_stub.yar similarity index 96% rename from yara_rules/sekoiaio_infostealer_win_monster_stub.yar rename to yara_rules/infostealer_win_monster_stub.yar index 2951e80..21d3fb9 100644 --- a/yara_rules/sekoiaio_infostealer_win_monster_stub.yar +++ b/yara_rules/infostealer_win_monster_stub.yar @@ -1,4 +1,4 @@ -rule sekoiaio_infostealer_win_monster_stub { +rule infostealer_win_monster_stub { meta: id = "10d27d49-79ae-4edc-8c30-35506bdf2c42" version = "1.0" 
diff --git a/yara_rules/sekoiaio_infostealer_win_nekostealer.yar b/yara_rules/infostealer_win_nekostealer.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_nekostealer.yar
rename to yara_rules/infostealer_win_nekostealer.yar
index 08ee2d8..45f2cfd 100644
--- a/yara_rules/sekoiaio_infostealer_win_nekostealer.yar
+++ b/yara_rules/infostealer_win_nekostealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_nekostealer {
+rule infostealer_win_nekostealer {
 meta:
 id = "8b7d2708-9d33-4855-8e02-f6afedb7dda8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_nemesis_in_memory.yar b/yara_rules/infostealer_win_nemesis_in_memory.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_nemesis_in_memory.yar
rename to yara_rules/infostealer_win_nemesis_in_memory.yar
index c33bfac..ff4efb9 100644
--- a/yara_rules/sekoiaio_infostealer_win_nemesis_in_memory.yar
+++ b/yara_rules/infostealer_win_nemesis_in_memory.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_nemesis_in_memory {
+rule infostealer_win_nemesis_in_memory {
 meta:
 id = "01d85bd5-ea93-44ff-b36a-9cd9eb54d634"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_nosu.yar b/yara_rules/infostealer_win_nosu.yar
similarity index 93%
rename from yara_rules/sekoiaio_infostealer_win_nosu.yar
rename to yara_rules/infostealer_win_nosu.yar
index ec00d8c..2dd71e5 100644
--- a/yara_rules/sekoiaio_infostealer_win_nosu.yar
+++ b/yara_rules/infostealer_win_nosu.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_nosu {
+rule infostealer_win_nosu {
 meta:
 version = "1.0"
 description = "Finds Nosu samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_pennywise_mar23.yar b/yara_rules/infostealer_win_pennywise_mar23.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_pennywise_mar23.yar
rename to yara_rules/infostealer_win_pennywise_mar23.yar
index 9200b43..4a45d75 100644
--- a/yara_rules/sekoiaio_infostealer_win_pennywise_mar23.yar
+++ b/yara_rules/infostealer_win_pennywise_mar23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_pennywise_mar23 {
+rule infostealer_win_pennywise_mar23 {
 meta:
 id = "9852b7e7-dfff-44e6-9068-d287cc84b069"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_phoenix.yar b/yara_rules/infostealer_win_phoenix.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_phoenix.yar
rename to yara_rules/infostealer_win_phoenix.yar
index d10cb42..d39610e 100644
--- a/yara_rules/sekoiaio_infostealer_win_phoenix.yar
+++ b/yara_rules/infostealer_win_phoenix.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_phoenix {
+rule infostealer_win_phoenix {
 meta:
 id = "d63a8fcf-f897-4c36-a6ce-4bd4ae0154e5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_phoenixwave.yar b/yara_rules/infostealer_win_phoenixwave.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_phoenixwave.yar
rename to yara_rules/infostealer_win_phoenixwave.yar
index 49103a1..fdc2b5b 100644
--- a/yara_rules/sekoiaio_infostealer_win_phoenixwave.yar
+++ b/yara_rules/infostealer_win_phoenixwave.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_phoenixwave {
+rule infostealer_win_phoenixwave {
 meta:
 id = "67c05ea8-2f1b-4c60-b108-e05d7d0c6508"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_raccoon_str_takemypainback.yar b/yara_rules/infostealer_win_raccoon_str_takemypainback.yar
similarity index 90%
rename from yara_rules/sekoiaio_infostealer_win_raccoon_str_takemypainback.yar
rename to yara_rules/infostealer_win_raccoon_str_takemypainback.yar
index f9176f5..810afde 100644
--- a/yara_rules/sekoiaio_infostealer_win_raccoon_str_takemypainback.yar
+++ b/yara_rules/infostealer_win_raccoon_str_takemypainback.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_raccoon_str_takemypainback {
+rule infostealer_win_raccoon_str_takemypainback {
 meta:
 version = "1.0"
 description = "Detect Raccoon based on specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_redline_strings.yar b/yara_rules/infostealer_win_redline_strings.yar
similarity index 98%
rename from yara_rules/sekoiaio_infostealer_win_redline_strings.yar
rename to yara_rules/infostealer_win_redline_strings.yar
index 8e72b10..ac8dd81 100644
--- a/yara_rules/sekoiaio_infostealer_win_redline_strings.yar
+++ b/yara_rules/infostealer_win_redline_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_redline_strings {
+rule infostealer_win_redline_strings {
 meta:
 version = "1.0"
 description = "Finds Redline samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_solarmarker_dll.yar b/yara_rules/infostealer_win_solarmarker_dll.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_solarmarker_dll.yar
rename to yara_rules/infostealer_win_solarmarker_dll.yar
index c86b032..87f0bb1 100644
--- a/yara_rules/sekoiaio_infostealer_win_solarmarker_dll.yar
+++ b/yara_rules/infostealer_win_solarmarker_dll.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_solarmarker_dll {
+rule infostealer_win_solarmarker_dll {
 meta:
 version = "1.0"
 description = "Finds SolarMarker DLL based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_solarmarker_powershell.yar b/yara_rules/infostealer_win_solarmarker_powershell.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_solarmarker_powershell.yar
rename to yara_rules/infostealer_win_solarmarker_powershell.yar
index 67bd5b3..380b6f1 100644
--- a/yara_rules/sekoiaio_infostealer_win_solarmarker_powershell.yar
+++ b/yara_rules/infostealer_win_solarmarker_powershell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_solarmarker_powershell {
+rule infostealer_win_solarmarker_powershell {
 meta:
 version = "1.0"
 description = "Finds SolarMarker PowerShell script based on characteristic strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_spacestealer.yar b/yara_rules/infostealer_win_spacestealer.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_spacestealer.yar
rename to yara_rules/infostealer_win_spacestealer.yar
index 54518d4..f8b5c67 100644
--- a/yara_rules/sekoiaio_infostealer_win_spacestealer.yar
+++ b/yara_rules/infostealer_win_spacestealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_spacestealer {
+rule infostealer_win_spacestealer {
 meta:
 version = "1.0"
 description = "Detects SpaceStealer based on specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_stealc.yar b/yara_rules/infostealer_win_stealc.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_stealc.yar
rename to yara_rules/infostealer_win_stealc.yar
index 49b8c48..e7d1c39 100644
--- a/yara_rules/sekoiaio_infostealer_win_stealc.yar
+++ b/yara_rules/infostealer_win_stealc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_stealc {
+rule infostealer_win_stealc {
 meta:
 id = "aa78772e-9b31-40f3-84f4-b8302ea63a28"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_stealc_str_oct24.yar b/yara_rules/infostealer_win_stealc_str_oct24.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_stealc_str_oct24.yar
rename to yara_rules/infostealer_win_stealc_str_oct24.yar
index 9c804d0..8782ccd 100644
--- a/yara_rules/sekoiaio_infostealer_win_stealc_str_oct24.yar
+++ b/yara_rules/infostealer_win_stealc_str_oct24.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_stealc_str_oct24 {
+rule infostealer_win_stealc_str_oct24 {
 meta:
 id = "7448fafe-206c-4f9c-b5a3-cbabec12a45b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_stealerium.yar b/yara_rules/infostealer_win_stealerium.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_stealerium.yar
rename to yara_rules/infostealer_win_stealerium.yar
index 8740ce7..5836f59 100644
--- a/yara_rules/sekoiaio_infostealer_win_stealerium.yar
+++ b/yara_rules/infostealer_win_stealerium.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_stealerium {
+rule infostealer_win_stealerium {
 meta:
 version = "1.0"
 description = "Detects Stealerium based on specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_stormkitty.yar b/yara_rules/infostealer_win_stormkitty.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_stormkitty.yar
rename to yara_rules/infostealer_win_stormkitty.yar
index 2363cb9..3ee25ec 100644
--- a/yara_rules/sekoiaio_infostealer_win_stormkitty.yar
+++ b/yara_rules/infostealer_win_stormkitty.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_stormkitty {
+rule infostealer_win_stormkitty {
 meta:
 id = "5014d2e5-af5c-4800-ab1e-b57de37a2450"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_stormkitty_exfil_urls.yar b/yara_rules/infostealer_win_stormkitty_exfil_urls.yar
similarity index 91%
rename from yara_rules/sekoiaio_infostealer_win_stormkitty_exfil_urls.yar
rename to yara_rules/infostealer_win_stormkitty_exfil_urls.yar
index f14d24e..dab2e0d 100644
--- a/yara_rules/sekoiaio_infostealer_win_stormkitty_exfil_urls.yar
+++ b/yara_rules/infostealer_win_stormkitty_exfil_urls.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_stormkitty_exfil_urls {
+rule infostealer_win_stormkitty_exfil_urls {
 meta:
 id = "d3b6e778-85da-4ab6-bc98-921897677485"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_titan.yar b/yara_rules/infostealer_win_titan.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_titan.yar
rename to yara_rules/infostealer_win_titan.yar
index 6cde16a..33ec62c 100644
--- a/yara_rules/sekoiaio_infostealer_win_titan.yar
+++ b/yara_rules/infostealer_win_titan.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_titan {
+rule infostealer_win_titan {
 meta:
 id = "0adbe616-0d91-4b05-b7a8-812cd79f9252"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_vidar_str_jul22.yar b/yara_rules/infostealer_win_vidar_str_jul22.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_vidar_str_jul22.yar
rename to yara_rules/infostealer_win_vidar_str_jul22.yar
index ae92e57..5b6d5e3 100644
--- a/yara_rules/sekoiaio_infostealer_win_vidar_str_jul22.yar
+++ b/yara_rules/infostealer_win_vidar_str_jul22.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_vidar_str_jul22 {
+rule infostealer_win_vidar_str_jul22 {
 meta:
 id = "1dc18694-aaac-41e6-979a-c06d5d62f5ea"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_vidar_strings_nov23.yar b/yara_rules/infostealer_win_vidar_strings_nov23.yar
similarity index 95%
rename from yara_rules/sekoiaio_infostealer_win_vidar_strings_nov23.yar
rename to yara_rules/infostealer_win_vidar_strings_nov23.yar
index 5d97f34..aa7a9a6 100644
--- a/yara_rules/sekoiaio_infostealer_win_vidar_strings_nov23.yar
+++ b/yara_rules/infostealer_win_vidar_strings_nov23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_vidar_strings_nov23 {
+rule infostealer_win_vidar_strings_nov23 {
 meta:
 version = "1.0"
 description = "Finds Vidar samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_infostealer_win_vulturi.yar b/yara_rules/infostealer_win_vulturi.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_vulturi.yar
rename to yara_rules/infostealer_win_vulturi.yar
index 6b1237c..a56e16c 100644
--- a/yara_rules/sekoiaio_infostealer_win_vulturi.yar
+++ b/yara_rules/infostealer_win_vulturi.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_vulturi {
+rule infostealer_win_vulturi {
 meta:
 id = "5369cbfb-ff94-4484-b5a4-894feeed97e1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_whitesnake_loader_feb23.yar b/yara_rules/infostealer_win_whitesnake_loader_feb23.yar
similarity index 92%
rename from yara_rules/sekoiaio_infostealer_win_whitesnake_loader_feb23.yar
rename to yara_rules/infostealer_win_whitesnake_loader_feb23.yar
index 86eca70..50e1a5b 100644
--- a/yara_rules/sekoiaio_infostealer_win_whitesnake_loader_feb23.yar
+++ b/yara_rules/infostealer_win_whitesnake_loader_feb23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_whitesnake_loader_feb23 {
+rule infostealer_win_whitesnake_loader_feb23 {
 meta:
 id = "f81a8a96-6fd2-4f5c-8a56-ff66ff1a80d3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_whitesnake_stealer_feb23.yar b/yara_rules/infostealer_win_whitesnake_stealer_feb23.yar
similarity index 94%
rename from yara_rules/sekoiaio_infostealer_win_whitesnake_stealer_feb23.yar
rename to yara_rules/infostealer_win_whitesnake_stealer_feb23.yar
index 3ee3d2d..1994551 100644
--- a/yara_rules/sekoiaio_infostealer_win_whitesnake_stealer_feb23.yar
+++ b/yara_rules/infostealer_win_whitesnake_stealer_feb23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_whitesnake_stealer_feb23 {
+rule infostealer_win_whitesnake_stealer_feb23 {
 meta:
 id = "68ae7fbc-4486-4b60-af5e-f37ddc58f170"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_whitesnake_xor_rc4_july12.yar b/yara_rules/infostealer_win_whitesnake_xor_rc4_july12.yar
similarity index 92%
rename from yara_rules/sekoiaio_infostealer_win_whitesnake_xor_rc4_july12.yar
rename to yara_rules/infostealer_win_whitesnake_xor_rc4_july12.yar
index 2f8fb2b..74757fa 100644
--- a/yara_rules/sekoiaio_infostealer_win_whitesnake_xor_rc4_july12.yar
+++ b/yara_rules/infostealer_win_whitesnake_xor_rc4_july12.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_whitesnake_xor_rc4_july12 {
+rule infostealer_win_whitesnake_xor_rc4_july12 {
 meta:
 id = "f2ebfcbd-9667-459a-a543-ce0be62c0dc4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_xehook_str.yar b/yara_rules/infostealer_win_xehook_str.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_xehook_str.yar
rename to yara_rules/infostealer_win_xehook_str.yar
index 87341a9..02a928b 100644
--- a/yara_rules/sekoiaio_infostealer_win_xehook_str.yar
+++ b/yara_rules/infostealer_win_xehook_str.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_xehook_str {
+rule infostealer_win_xehook_str {
 meta:
 id = "fa76988d-f0a2-4fc2-a122-c104fd585f34"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_xenostealer_strings.yar b/yara_rules/infostealer_win_xenostealer_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_infostealer_win_xenostealer_strings.yar
rename to yara_rules/infostealer_win_xenostealer_strings.yar
index ff4306f..87c199a 100644
--- a/yara_rules/sekoiaio_infostealer_win_xenostealer_strings.yar
+++ b/yara_rules/infostealer_win_xenostealer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_xenostealer_strings {
+rule infostealer_win_xenostealer_strings {
 meta:
 id = "0a41788b-1fa7-44ff-af85-9c1ff1892aad"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_xfiles.yar b/yara_rules/infostealer_win_xfiles.yar
similarity index 97%
rename from yara_rules/sekoiaio_infostealer_win_xfiles.yar
rename to yara_rules/infostealer_win_xfiles.yar
index 9fd3fe0..31bec41 100644
--- a/yara_rules/sekoiaio_infostealer_win_xfiles.yar
+++ b/yara_rules/infostealer_win_xfiles.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_infostealer_win_xfiles {
+rule infostealer_win_xfiles {
 meta:
 id = "3ad3ee19-6be8-484b-943c-05813cdcbd18"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_installer_win_minibus.yar b/yara_rules/installer_win_minibus.yar
similarity index 95%
rename from yara_rules/sekoiaio_installer_win_minibus.yar
rename to yara_rules/installer_win_minibus.yar
index 2b1283d..83c487d 100644
--- a/yara_rules/sekoiaio_installer_win_minibus.yar
+++ b/yara_rules/installer_win_minibus.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_installer_win_minibus { +rule installer_win_minibus { meta: id = "0f7f600d-d93b-4b5a-aa0e-7d91038409e6" version = "1.0" diff --git a/yara_rules/sekoiaio_keylogger_win_donot.yar b/yara_rules/keylogger_win_donot.yar similarity index 93% rename from yara_rules/sekoiaio_keylogger_win_donot.yar rename to yara_rules/keylogger_win_donot.yar index f2f4a07..82b98e5 100644 --- a/yara_rules/sekoiaio_keylogger_win_donot.yar +++ b/yara_rules/keylogger_win_donot.yar @@ -1,4 +1,4 @@ -rule sekoiaio_keylogger_win_donot { +rule keylogger_win_donot { meta: id = "4f67dda7-da68-4496-a8b4-a8a769ddd763" version = "1.0" diff --git a/yara_rules/sekoiaio_killfloor_avkiller_strings.yar b/yara_rules/killfloor_avkiller_strings.yar similarity index 95% rename from yara_rules/sekoiaio_killfloor_avkiller_strings.yar rename to yara_rules/killfloor_avkiller_strings.yar index 26cc951..38a8446 100644 --- a/yara_rules/sekoiaio_killfloor_avkiller_strings.yar +++ b/yara_rules/killfloor_avkiller_strings.yar @@ -1,4 +1,4 @@ -rule sekoiaio_killfloor_avkiller_strings { +rule killfloor_avkiller_strings { meta: id = "ae6908c3-27d4-4d2c-af21-a9548dfcd487" version = "1.0" diff --git a/yara_rules/sekoiaio_kimsuky_konni_dll.yar b/yara_rules/kimsuky_konni_dll.yar similarity index 97% rename from yara_rules/sekoiaio_kimsuky_konni_dll.yar rename to yara_rules/kimsuky_konni_dll.yar index 9c86b04..13642de 100644 --- a/yara_rules/sekoiaio_kimsuky_konni_dll.yar +++ b/yara_rules/kimsuky_konni_dll.yar @@ -1,4 +1,4 @@ -rule sekoiaio_kimsuky_konni_dll { +rule kimsuky_konni_dll { meta: id = "6a20c492-e932-41bd-ac4a-01d35bfb0c49" version = "1.0" diff --git a/yara_rules/sekoiaio_koi_koiloader.yar b/yara_rules/koi_koiloader.yar similarity index 94% rename from yara_rules/sekoiaio_koi_koiloader.yar rename to yara_rules/koi_koiloader.yar index 511580d..28d90ca 100644 --- a/yara_rules/sekoiaio_koi_koiloader.yar 
+++ b/yara_rules/koi_koiloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_koi_koiloader {
+rule koi_koiloader {
 meta:
 id = "b8289d78-42de-4919-b2c5-3c926ddd8043"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_koi_netstealer.yar b/yara_rules/koi_netstealer.yar
similarity index 94%
rename from yara_rules/sekoiaio_koi_netstealer.yar
rename to yara_rules/koi_netstealer.yar
index 94a2be1..0649e89 100644
--- a/yara_rules/sekoiaio_koi_netstealer.yar
+++ b/yara_rules/koi_netstealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_koi_netstealer {
+rule koi_netstealer {
 meta:
 id = "deb06e2a-848c-44b3-be95-017ebccf11f8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_koi_powershell_loading_obfuscatednet.yar b/yara_rules/koi_powershell_loading_obfuscatednet.yar
similarity index 91%
rename from yara_rules/sekoiaio_koi_powershell_loading_obfuscatednet.yar
rename to yara_rules/koi_powershell_loading_obfuscatednet.yar
index 9ee4fcb..d1776ac 100644
--- a/yara_rules/sekoiaio_koi_powershell_loading_obfuscatednet.yar
+++ b/yara_rules/koi_powershell_loading_obfuscatednet.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_koi_powershell_loading_obfuscatednet {
+rule koi_powershell_loading_obfuscatednet {
 meta:
 id = "75a7460d-cc28-470e-9841-da8e46ee0101"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_koiloader_lnk.yar b/yara_rules/koiloader_lnk.yar
similarity index 95%
rename from yara_rules/sekoiaio_koiloader_lnk.yar
rename to yara_rules/koiloader_lnk.yar
index 14cd3c3..7301805 100644
--- a/yara_rules/sekoiaio_koiloader_lnk.yar
+++ b/yara_rules/koiloader_lnk.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_koiloader_lnk {
+rule koiloader_lnk {
 meta:
 id = "e82975b9-94b7-4de8-8cd5-d594aa80cf02"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_koiloader_powershell_reflective_loading.yar b/yara_rules/koiloader_powershell_reflective_loading.yar
similarity index 91%
rename from yara_rules/sekoiaio_koiloader_powershell_reflective_loading.yar
rename to yara_rules/koiloader_powershell_reflective_loading.yar
index 1341883..9fce3a8 100644
--- a/yara_rules/sekoiaio_koiloader_powershell_reflective_loading.yar +++ b/yara_rules/koiloader_powershell_reflective_loading.yar @@ -1,4 +1,4 @@ -rule sekoiaio_koiloader_powershell_reflective_loading { +rule koiloader_powershell_reflective_loading { meta: id = "9bbe4cea-3e64-4377-bf93-def9fb629734" version = "1.0" diff --git a/yara_rules/sekoiaio_latrodectus_br4_js_dropper.yar b/yara_rules/latrodectus_br4_js_dropper.yar similarity index 91% rename from yara_rules/sekoiaio_latrodectus_br4_js_dropper.yar rename to yara_rules/latrodectus_br4_js_dropper.yar index d071d25..24562a4 100644 --- a/yara_rules/sekoiaio_latrodectus_br4_js_dropper.yar +++ b/yara_rules/latrodectus_br4_js_dropper.yar @@ -1,4 +1,4 @@ -rule sekoiaio_latrodectus_br4_js_dropper { +rule latrodectus_br4_js_dropper { meta: id = "042a598d-66fa-4994-a793-228355abd5dd" version = "1.0" diff --git a/yara_rules/sekoiaio_latrodectus_exports.yar b/yara_rules/latrodectus_exports.yar similarity index 92% rename from yara_rules/sekoiaio_latrodectus_exports.yar rename to yara_rules/latrodectus_exports.yar index b85efea..6111aa8 100644 --- a/yara_rules/sekoiaio_latrodectus_exports.yar +++ b/yara_rules/latrodectus_exports.yar @@ -1,6 +1,6 @@ import "pe" -rule sekoiaio_latrodectus_exports { +rule latrodectus_exports { meta: version = "1.0" description = "detection based on the exports" diff --git a/yara_rules/sekoiaio_launcher_win_bluehaze.yar b/yara_rules/launcher_win_bluehaze.yar similarity index 97% rename from yara_rules/sekoiaio_launcher_win_bluehaze.yar rename to yara_rules/launcher_win_bluehaze.yar index 952c090..7d56040 100644 --- a/yara_rules/sekoiaio_launcher_win_bluehaze.yar +++ b/yara_rules/launcher_win_bluehaze.yar @@ -1,7 +1,7 @@ import "pe" import "hash" -rule sekoiaio_launcher_win_bluehaze { +rule launcher_win_bluehaze { meta: id = "ccfe0593-0a9f-4369-952e-5cef2f459bb3" version = "1.0" 
diff --git a/yara_rules/sekoiaio_launcher_win_mistcloak.yar b/yara_rules/launcher_win_mistcloak.yar similarity index 96% rename from yara_rules/sekoiaio_launcher_win_mistcloak.yar rename to yara_rules/launcher_win_mistcloak.yar index 5b9c5b6..4762ca7 100644 --- a/yara_rules/sekoiaio_launcher_win_mistcloak.yar +++ b/yara_rules/launcher_win_mistcloak.yar @@ -1,7 +1,7 @@ import "hash" import "pe" -rule sekoiaio_launcher_win_mistcloak { +rule launcher_win_mistcloak { meta: id = "3dbf5efa-d77c-436a-a080-9ac58a78425f" version = "1.0" diff --git a/yara_rules/sekoiaio_launcher_win_romcom_launcher.yar b/yara_rules/launcher_win_romcom_launcher.yar similarity index 93% rename from yara_rules/sekoiaio_launcher_win_romcom_launcher.yar rename to yara_rules/launcher_win_romcom_launcher.yar index b199e85..133ac2b 100644 --- a/yara_rules/sekoiaio_launcher_win_romcom_launcher.yar +++ b/yara_rules/launcher_win_romcom_launcher.yar @@ -1,4 +1,4 @@ -rule sekoiaio_launcher_win_romcom_launcher { +rule launcher_win_romcom_launcher { meta: id = "e8fa8239-a763-4be2-8f34-8e112e65b35e" version = "1.0" diff --git a/yara_rules/sekoiaio_launcher_win_stealthmutant_bat_launcher.yar b/yara_rules/launcher_win_stealthmutant_bat_launcher.yar similarity index 93% rename from yara_rules/sekoiaio_launcher_win_stealthmutant_bat_launcher.yar rename to yara_rules/launcher_win_stealthmutant_bat_launcher.yar index 3064a41..7edae10 100644 --- a/yara_rules/sekoiaio_launcher_win_stealthmutant_bat_launcher.yar +++ b/yara_rules/launcher_win_stealthmutant_bat_launcher.yar @@ -1,4 +1,4 @@ -rule sekoiaio_launcher_win_stealthmutant_bat_launcher { +rule launcher_win_stealthmutant_bat_launcher { meta: id = "7452291f-2244-469e-bb7c-5eff1ca17aa2" version = "1.0" diff --git a/yara_rules/sekoiaio_lnk_astaroth.yar b/yara_rules/lnk_astaroth.yar similarity index 97% rename from yara_rules/sekoiaio_lnk_astaroth.yar rename to yara_rules/lnk_astaroth.yar index 44b1f8f..d17ece2 100644 --- a/yara_rules/sekoiaio_lnk_astaroth.yar 
+++ b/yara_rules/lnk_astaroth.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_lnk_astaroth {
+rule lnk_astaroth {
 meta:
 id = "1f4ce619-6f94-400a-9b32-46f2018da25c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_amadey_clipper_plugin.yar b/yara_rules/loader_amadey_clipper_plugin.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_amadey_clipper_plugin.yar
rename to yara_rules/loader_amadey_clipper_plugin.yar
index bf90d40..49670a9 100644
--- a/yara_rules/sekoiaio_loader_amadey_clipper_plugin.yar
+++ b/yara_rules/loader_amadey_clipper_plugin.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_amadey_clipper_plugin {
+rule loader_amadey_clipper_plugin {
 meta:
 version = "1.0"
 description = "Finds Amadey's clipper plugin based on characteristic strings"
diff --git a/yara_rules/sekoiaio_loader_amadey_standalone_may23.yar b/yara_rules/loader_amadey_standalone_may23.yar
similarity index 91%
rename from yara_rules/sekoiaio_loader_amadey_standalone_may23.yar
rename to yara_rules/loader_amadey_standalone_may23.yar
index 7bded7f..2f45623 100644
--- a/yara_rules/sekoiaio_loader_amadey_standalone_may23.yar
+++ b/yara_rules/loader_amadey_standalone_may23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_amadey_standalone_may23 {
+rule loader_amadey_standalone_may23 {
 meta:
 version = "1.0"
 description = "Finds standalone samples of Amadey based on characteristic strings"
diff --git a/yara_rules/sekoiaio_loader_amadey_stealer_plugin.yar b/yara_rules/loader_amadey_stealer_plugin.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_amadey_stealer_plugin.yar
rename to yara_rules/loader_amadey_stealer_plugin.yar
index 9ee3870..ded8861 100644
--- a/yara_rules/sekoiaio_loader_amadey_stealer_plugin.yar
+++ b/yara_rules/loader_amadey_stealer_plugin.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_amadey_stealer_plugin {
+rule loader_amadey_stealer_plugin {
 meta:
 version = "1.0"
 description = "Finds Amadey's stealer plugin based on characteristic strings"
diff --git a/yara_rules/sekoiaio_loader_fakebat_initial_powershell_may24.yar b/yara_rules/loader_fakebat_initial_powershell_may24.yar
similarity index 91%
rename from yara_rules/sekoiaio_loader_fakebat_initial_powershell_may24.yar
rename to yara_rules/loader_fakebat_initial_powershell_may24.yar
index e2a6e2f..fc8b3bc 100644
--- a/yara_rules/sekoiaio_loader_fakebat_initial_powershell_may24.yar
+++ b/yara_rules/loader_fakebat_initial_powershell_may24.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_fakebat_initial_powershell_may24 {
+rule loader_fakebat_initial_powershell_may24 {
 meta:
 id = "adf0e4fc-fa98-470b-9535-bd30d0bdb3aa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_fakebat_powershell_fingerprint_may24.yar b/yara_rules/loader_fakebat_powershell_fingerprint_may24.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_fakebat_powershell_fingerprint_may24.yar
rename to yara_rules/loader_fakebat_powershell_fingerprint_may24.yar
index a062b1e..95b614a 100644
--- a/yara_rules/sekoiaio_loader_fakebat_powershell_fingerprint_may24.yar
+++ b/yara_rules/loader_fakebat_powershell_fingerprint_may24.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_fakebat_powershell_fingerprint_may24 {
+rule loader_fakebat_powershell_fingerprint_may24 {
 meta:
 id = "7efcf9cf-78fe-400e-abe3-6955c394e358"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_latrodectus_dll.yar b/yara_rules/loader_latrodectus_dll.yar
similarity index 97%
rename from yara_rules/sekoiaio_loader_latrodectus_dll.yar
rename to yara_rules/loader_latrodectus_dll.yar
index 0636c0d..d127451 100644
--- a/yara_rules/sekoiaio_loader_latrodectus_dll.yar
+++ b/yara_rules/loader_latrodectus_dll.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_latrodectus_dll {
+rule loader_latrodectus_dll {
 meta:
 version = "1.0"
 description = "Finds Latrodectus samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_loader_win_abcloader.yar b/yara_rules/loader_win_abcloader.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_abcloader.yar
rename to yara_rules/loader_win_abcloader.yar
index 5c480ac..e78f38f 100644
--- a/yara_rules/sekoiaio_loader_win_abcloader.yar
+++ b/yara_rules/loader_win_abcloader.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_abcloader {
+rule loader_win_abcloader {
 meta:
 id = "c286ce75-a041-478e-a567-4bf1d5e66c01"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_aresloader.yar b/yara_rules/loader_win_aresloader.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_win_aresloader.yar
rename to yara_rules/loader_win_aresloader.yar
index c22dd89..4ab744e 100644
--- a/yara_rules/sekoiaio_loader_win_aresloader.yar
+++ b/yara_rules/loader_win_aresloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_aresloader {
+rule loader_win_aresloader {
 meta:
 version = "1.0"
 description = "Finds AresLoader samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_loader_win_batloader_scripts.yar b/yara_rules/loader_win_batloader_scripts.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_win_batloader_scripts.yar
rename to yara_rules/loader_win_batloader_scripts.yar
index 53a476d..112368e 100644
--- a/yara_rules/sekoiaio_loader_win_batloader_scripts.yar
+++ b/yara_rules/loader_win_batloader_scripts.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_batloader_scripts {
+rule loader_win_batloader_scripts {
 meta:
 version = "1.0"
 description = "Finds BatLoader samples based on the specific download URL"
diff --git a/yara_rules/sekoiaio_loader_win_bumblebee.yar b/yara_rules/loader_win_bumblebee.yar
similarity index 93%
rename from yara_rules/sekoiaio_loader_win_bumblebee.yar
rename to yara_rules/loader_win_bumblebee.yar
index b04a364..fd408ed 100644
--- a/yara_rules/sekoiaio_loader_win_bumblebee.yar
+++ b/yara_rules/loader_win_bumblebee.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_bumblebee {
+rule loader_win_bumblebee {
 meta:
 id = "ff36f512-c700-4f52-bc89-68ab9c69462c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_dodgebox.yar b/yara_rules/loader_win_dodgebox.yar
similarity index 97%
rename from yara_rules/sekoiaio_loader_win_dodgebox.yar
rename to yara_rules/loader_win_dodgebox.yar
index 2065b0a..62a0ff0 100644
--- a/yara_rules/sekoiaio_loader_win_dodgebox.yar
+++ b/yara_rules/loader_win_dodgebox.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_dodgebox {
+rule loader_win_dodgebox {
 meta:
 id = "8d5f94f3-1add-4f34-ba9e-f8f576c4e5b8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_doppeldridex.yar b/yara_rules/loader_win_doppeldridex.yar
similarity index 97%
rename from yara_rules/sekoiaio_loader_win_doppeldridex.yar
rename to yara_rules/loader_win_doppeldridex.yar
index 0f5181e..88ced7d 100644
--- a/yara_rules/sekoiaio_loader_win_doppeldridex.yar
+++ b/yara_rules/loader_win_doppeldridex.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_loader_win_doppeldridex {
+rule loader_win_doppeldridex {
 meta:
 id = "ee5111ae-ba0b-4cd3-abe6-c66324d16840"
 version = "1.1"
diff --git a/yara_rules/sekoiaio_loader_win_erbium.yar b/yara_rules/loader_win_erbium.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_erbium.yar
rename to yara_rules/loader_win_erbium.yar
index a0bae33..d8bd730 100644
--- a/yara_rules/sekoiaio_loader_win_erbium.yar
+++ b/yara_rules/loader_win_erbium.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_erbium {
+rule loader_win_erbium {
 meta:
 version = "1.0"
 description = "Detect the Erbium loader based on specific user-agent and URI"
diff --git a/yara_rules/sekoiaio_loader_win_fudloader.yar b/yara_rules/loader_win_fudloader.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_fudloader.yar
rename to yara_rules/loader_win_fudloader.yar
index 7d2bb64..9f39211 100644
--- a/yara_rules/sekoiaio_loader_win_fudloader.yar
+++ b/yara_rules/loader_win_fudloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_fudloader {
+rule loader_win_fudloader {
 meta:
 id = "4c2ac614-89af-4449-9fd2-9f935e4c27b8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_gcleaner.yar b/yara_rules/loader_win_gcleaner.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_gcleaner.yar
rename to yara_rules/loader_win_gcleaner.yar
index 8143842..4181652 100644
--- a/yara_rules/sekoiaio_loader_win_gcleaner.yar
+++ b/yara_rules/loader_win_gcleaner.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_gcleaner {
+rule loader_win_gcleaner {
 meta:
 version = "1.0"
 description = "Detect the GCleaner loader using specific strings"
diff --git a/yara_rules/sekoiaio_loader_win_goshellcode.yar b/yara_rules/loader_win_goshellcode.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_goshellcode.yar
rename to yara_rules/loader_win_goshellcode.yar
index 74a84eb..fe16207 100644
--- a/yara_rules/sekoiaio_loader_win_goshellcode.yar
+++ b/yara_rules/loader_win_goshellcode.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_goshellcode {
+rule loader_win_goshellcode {
 meta:
 version = "1.0"
 description = "Finds GoShellcode samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_loader_win_jennlog.yar b/yara_rules/loader_win_jennlog.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_win_jennlog.yar
rename to yara_rules/loader_win_jennlog.yar
index 60fa704..7659f9f 100644
--- a/yara_rules/sekoiaio_loader_win_jennlog.yar
+++ b/yara_rules/loader_win_jennlog.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_jennlog {
+rule loader_win_jennlog {
 meta:
 id = "a69088e5-207f-494f-876b-766b8050e8c2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_jinxloader_strings.yar b/yara_rules/loader_win_jinxloader_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_loader_win_jinxloader_strings.yar
rename to yara_rules/loader_win_jinxloader_strings.yar
index d5fe441..5f235e4 100644
--- a/yara_rules/sekoiaio_loader_win_jinxloader_strings.yar
+++ b/yara_rules/loader_win_jinxloader_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_jinxloader_strings {
+rule loader_win_jinxloader_strings {
 meta:
 version = "1.0"
 description = "Finds JinxLoader samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_loader_win_konni_bat.yar b/yara_rules/loader_win_konni_bat.yar
similarity index 95%
rename from yara_rules/sekoiaio_loader_win_konni_bat.yar
rename to yara_rules/loader_win_konni_bat.yar
index 2f13842..a660f59 100644
--- a/yara_rules/sekoiaio_loader_win_konni_bat.yar
+++ b/yara_rules/loader_win_konni_bat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_konni_bat {
+rule loader_win_konni_bat {
 meta:
 id = "e8921336-6c91-4b46-bd3f-3cf4a9b31082"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_konni_wpnprv.yar b/yara_rules/loader_win_konni_wpnprv.yar
similarity index 93%
rename from yara_rules/sekoiaio_loader_win_konni_wpnprv.yar
rename to yara_rules/loader_win_konni_wpnprv.yar
index 57bd5f0..22dfe2a 100644
--- a/yara_rules/sekoiaio_loader_win_konni_wpnprv.yar
+++ b/yara_rules/loader_win_konni_wpnprv.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_konni_wpnprv {
+rule loader_win_konni_wpnprv {
 meta:
 id = "02162533-4ace-42bf-8df0-38b140487f01"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_ninerat.yar b/yara_rules/loader_win_ninerat.yar
similarity index 97%
rename from yara_rules/sekoiaio_loader_win_ninerat.yar
rename to yara_rules/loader_win_ninerat.yar
index 46fcf26..1b378d7 100644
--- a/yara_rules/sekoiaio_loader_win_ninerat.yar
+++ b/yara_rules/loader_win_ninerat.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_ninerat {
+rule loader_win_ninerat {
 meta:
 id = "b9aa3ddc-7892-402f-b045-182884ee9bad"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_operationmagalenha_vbs.yar b/yara_rules/loader_win_operationmagalenha_vbs.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_win_operationmagalenha_vbs.yar
rename to yara_rules/loader_win_operationmagalenha_vbs.yar
index 99d4d6b..a8d64bc 100644
--- a/yara_rules/sekoiaio_loader_win_operationmagalenha_vbs.yar
+++ b/yara_rules/loader_win_operationmagalenha_vbs.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_operationmagalenha_vbs {
+rule loader_win_operationmagalenha_vbs {
 meta:
 version = "1.0"
 description = "Finds VBS file loading the PeepingTitle backdoor"
diff --git a/yara_rules/sekoiaio_loader_win_piccassoloader.yar b/yara_rules/loader_win_piccassoloader.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_win_piccassoloader.yar
rename to yara_rules/loader_win_piccassoloader.yar
index 7ca8f32..23ce52a 100644
--- a/yara_rules/sekoiaio_loader_win_piccassoloader.yar
+++ b/yara_rules/loader_win_piccassoloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_piccassoloader {
+rule loader_win_piccassoloader {
 meta:
 id = "91d9c2de-451e-467e-8f5c-38bbcce92b72"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_purecrypter.yar b/yara_rules/loader_win_purecrypter.yar
similarity index 93%
rename from yara_rules/sekoiaio_loader_win_purecrypter.yar
rename to yara_rules/loader_win_purecrypter.yar
index d1b534c..3661b75 100644
--- a/yara_rules/sekoiaio_loader_win_purecrypter.yar
+++ b/yara_rules/loader_win_purecrypter.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_purecrypter {
+rule loader_win_purecrypter {
 meta:
 version = "1.0"
 description = "Detect the PureCrypter loader"
diff --git a/yara_rules/sekoiaio_loader_win_red0044_powershell_may24.yar b/yara_rules/loader_win_red0044_powershell_may24.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_win_red0044_powershell_may24.yar
rename to yara_rules/loader_win_red0044_powershell_may24.yar
index baa033a..aafcd5a 100644
--- a/yara_rules/sekoiaio_loader_win_red0044_powershell_may24.yar
+++ b/yara_rules/loader_win_red0044_powershell_may24.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_red0044_powershell_may24 {
+rule loader_win_red0044_powershell_may24 {
 meta:
 id = "ba3454b4-31cf-458d-8d78-c5cc5fa348ff"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_revil_loader.yar b/yara_rules/loader_win_revil_loader.yar
similarity index 97%
rename from yara_rules/sekoiaio_loader_win_revil_loader.yar
rename to yara_rules/loader_win_revil_loader.yar
index 58c8d29..226f7c6 100644
--- a/yara_rules/sekoiaio_loader_win_revil_loader.yar
+++ b/yara_rules/loader_win_revil_loader.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_revil_loader {
+rule loader_win_revil_loader {
 meta:
 id = "3c293e87-e2d7-475a-9536-8b991961fa11"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_squirrelwaffle.yar b/yara_rules/loader_win_squirrelwaffle.yar
similarity index 92%
rename from yara_rules/sekoiaio_loader_win_squirrelwaffle.yar
rename to yara_rules/loader_win_squirrelwaffle.yar
index 9039cef..27714df 100644
--- a/yara_rules/sekoiaio_loader_win_squirrelwaffle.yar
+++ b/yara_rules/loader_win_squirrelwaffle.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_squirrelwaffle {
+rule loader_win_squirrelwaffle {
 meta:
 id = "bea3125e-6e84-435f-855b-fd3239a0deac"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_squirrelwaffle_doc.yar b/yara_rules/loader_win_squirrelwaffle_doc.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_win_squirrelwaffle_doc.yar
rename to yara_rules/loader_win_squirrelwaffle_doc.yar
index 86e925d..0b8353d 100644
--- a/yara_rules/sekoiaio_loader_win_squirrelwaffle_doc.yar
+++ b/yara_rules/loader_win_squirrelwaffle_doc.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_loader_win_squirrelwaffle_doc {
+rule loader_win_squirrelwaffle_doc {
 meta:
 id = "caadeac3-d4c7-4d84-b539-c03cc4c6c274"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_stealthvector.yar b/yara_rules/loader_win_stealthvector.yar
similarity index 96%
rename from yara_rules/sekoiaio_loader_win_stealthvector.yar
rename to yara_rules/loader_win_stealthvector.yar
index eb56cca..8cfc9bb 100644
--- a/yara_rules/sekoiaio_loader_win_stealthvector.yar
+++ b/yara_rules/loader_win_stealthvector.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_loader_win_stealthvector {
+rule loader_win_stealthvector {
 meta:
 id = "ecf6421a-f492-43c4-9ed7-eb4724d24779"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_loader_win_svcready_imports.yar b/yara_rules/loader_win_svcready_imports.yar
similarity index 94%
rename from yara_rules/sekoiaio_loader_win_svcready_imports.yar
rename to yara_rules/loader_win_svcready_imports.yar
index eb2ee06..3de8dab 100644
--- a/yara_rules/sekoiaio_loader_win_svcready_imports.yar
+++ b/yara_rules/loader_win_svcready_imports.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_loader_win_svcready_imports {
+rule loader_win_svcready_imports {
 meta:
 id = "e89aa736-acee-4881-b367-a9abfe9784ec"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_luckymouse_sysupdate_loader.yar b/yara_rules/luckymouse_sysupdate_loader.yar
similarity index 91%
rename from yara_rules/sekoiaio_luckymouse_sysupdate_loader.yar
rename to yara_rules/luckymouse_sysupdate_loader.yar
index 000e77e..d00a98f 100644
--- a/yara_rules/sekoiaio_luckymouse_sysupdate_loader.yar
+++ b/yara_rules/luckymouse_sysupdate_loader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_luckymouse_sysupdate_loader {
+rule luckymouse_sysupdate_loader {
 meta:
 id = "6007e846-d467-4d07-b345-e25191b7c8bc"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_luckymouse_sysupdate_payload.yar b/yara_rules/luckymouse_sysupdate_payload.yar
similarity index 90%
rename from yara_rules/sekoiaio_luckymouse_sysupdate_payload.yar
rename to yara_rules/luckymouse_sysupdate_payload.yar
index 5b00ecf..1155355 100644
--- a/yara_rules/sekoiaio_luckymouse_sysupdate_payload.yar
+++ b/yara_rules/luckymouse_sysupdate_payload.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_luckymouse_sysupdate_payload {
+rule luckymouse_sysupdate_payload {
 meta:
 id = "97df4700-de35-49a0-869e-ed89a6d9cbdd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malicious_lnk_exploiting_webdav_share_generic.yar b/yara_rules/malicious_lnk_exploiting_webdav_share_generic.yar
similarity index 89%
rename from yara_rules/sekoiaio_malicious_lnk_exploiting_webdav_share_generic.yar
rename to yara_rules/malicious_lnk_exploiting_webdav_share_generic.yar
index eff0364..b98627b 100644
--- a/yara_rules/sekoiaio_malicious_lnk_exploiting_webdav_share_generic.yar
+++ b/yara_rules/malicious_lnk_exploiting_webdav_share_generic.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malicious_lnk_exploiting_webdav_share_generic {
+rule malicious_lnk_exploiting_webdav_share_generic {
 meta:
 id = "b228643c-ab23-46e1-b170-3da6bcb2dd23"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_httpshell_strings.yar b/yara_rules/malware_httpshell_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_malware_httpshell_strings.yar
rename to yara_rules/malware_httpshell_strings.yar
index f4486c1..1698922 100644
--- a/yara_rules/sekoiaio_malware_httpshell_strings.yar
+++ b/yara_rules/malware_httpshell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_httpshell_strings {
+rule malware_httpshell_strings {
 meta:
 id = "58f25666-5dc2-4f4f-9fac-fc05d1e66945"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_remcom_strings.yar b/yara_rules/malware_remcom_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_malware_remcom_strings.yar
rename to yara_rules/malware_remcom_strings.yar
index bf0f6df..e32bd38 100644
--- a/yara_rules/sekoiaio_malware_remcom_strings.yar
+++ b/yara_rules/malware_remcom_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_remcom_strings {
+rule malware_remcom_strings {
 meta:
 id = "7a56d55a-2f35-41ef-b7af-259baf215a62"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_sugargh0st_strings.yar b/yara_rules/malware_sugargh0st_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_malware_sugargh0st_strings.yar
rename to yara_rules/malware_sugargh0st_strings.yar
index a253161..f2f2051 100644
--- a/yara_rules/sekoiaio_malware_sugargh0st_strings.yar
+++ b/yara_rules/malware_sugargh0st_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_sugargh0st_strings {
+rule malware_sugargh0st_strings {
 meta:
 id = "51930498-b04a-4f13-8d14-ee975a28126e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_swordldr.yar b/yara_rules/malware_swordldr.yar
similarity index 97%
rename from yara_rules/sekoiaio_malware_swordldr.yar
rename to yara_rules/malware_swordldr.yar
index 62367a5..00f503c 100644
--- a/yara_rules/sekoiaio_malware_swordldr.yar
+++ b/yara_rules/malware_swordldr.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_swordldr {
+rule malware_swordldr {
 meta:
 id = "4068c007-50f4-4913-a352-4a40dd4e452b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_tinyshell_strings.yar b/yara_rules/malware_tinyshell_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_malware_tinyshell_strings.yar
rename to yara_rules/malware_tinyshell_strings.yar
index 09da4ad..ca3e8f3 100644
--- a/yara_rules/sekoiaio_malware_tinyshell_strings.yar
+++ b/yara_rules/malware_tinyshell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_tinyshell_strings {
+rule malware_tinyshell_strings {
 meta:
 id = "51fe9986-cb33-4802-bb8d-fe3d4cdfdcc8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_valleyrat_1ststage_strings.yar b/yara_rules/malware_valleyrat_1ststage_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_malware_valleyrat_1ststage_strings.yar
rename to yara_rules/malware_valleyrat_1ststage_strings.yar
index 6e49c75..ac30006 100644
--- a/yara_rules/sekoiaio_malware_valleyrat_1ststage_strings.yar
+++ b/yara_rules/malware_valleyrat_1ststage_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_valleyrat_1ststage_strings {
+rule malware_valleyrat_1ststage_strings {
 meta:
 id = "6628ba47-37ad-4bdb-bbc0-7286d777000e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_valleyrat_downloader_strings.yar b/yara_rules/malware_valleyrat_downloader_strings.yar
similarity index 90%
rename from yara_rules/sekoiaio_malware_valleyrat_downloader_strings.yar
rename to yara_rules/malware_valleyrat_downloader_strings.yar
index 77a5661..191dc08 100644
--- a/yara_rules/sekoiaio_malware_valleyrat_downloader_strings.yar
+++ b/yara_rules/malware_valleyrat_downloader_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_valleyrat_downloader_strings {
+rule malware_valleyrat_downloader_strings {
 meta:
 id = "12985f34-f894-402b-80d1-5d6b2486d730"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_valleyrat_strings_config.yar b/yara_rules/malware_valleyrat_strings_config.yar
similarity index 95%
rename from yara_rules/sekoiaio_malware_valleyrat_strings_config.yar
rename to yara_rules/malware_valleyrat_strings_config.yar
index 3b52d3f..b7641e0 100644
--- a/yara_rules/sekoiaio_malware_valleyrat_strings_config.yar
+++ b/yara_rules/malware_valleyrat_strings_config.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_valleyrat_strings_config {
+rule malware_valleyrat_strings_config {
 meta:
 id = "bb186ab7-60cd-487e-8b9c-c2ff8f121454"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_venom_admin_strings.yar b/yara_rules/malware_venom_admin_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_malware_venom_admin_strings.yar
rename to yara_rules/malware_venom_admin_strings.yar
index 4ca7f79..04e7b15 100644
--- a/yara_rules/sekoiaio_malware_venom_admin_strings.yar
+++ b/yara_rules/malware_venom_admin_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_venom_admin_strings {
+rule malware_venom_admin_strings {
 meta:
 id = "4929340c-310b-4c59-a111-23409f973d22"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_venom_agent_strings.yar b/yara_rules/malware_venom_agent_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_malware_venom_agent_strings.yar
rename to yara_rules/malware_venom_agent_strings.yar
index 52e2ae7..d94b406 100644
--- a/yara_rules/sekoiaio_malware_venom_agent_strings.yar
+++ b/yara_rules/malware_venom_agent_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_venom_agent_strings {
+rule malware_venom_agent_strings {
 meta:
 id = "87633510-8b39-4eb1-b95b-4ebff21f3bba"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_win_lyceum_maldoc_macro_20220613.yar b/yara_rules/malware_win_lyceum_maldoc_macro_20220613.yar
similarity index 88%
rename from yara_rules/sekoiaio_malware_win_lyceum_maldoc_macro_20220613.yar
rename to yara_rules/malware_win_lyceum_maldoc_macro_20220613.yar
index 34c18e0..37ace4c 100644
--- a/yara_rules/sekoiaio_malware_win_lyceum_maldoc_macro_20220613.yar
+++ b/yara_rules/malware_win_lyceum_maldoc_macro_20220613.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_win_lyceum_maldoc_macro_20220613 {
+rule malware_win_lyceum_maldoc_macro_20220613 {
 meta:
 id = "3046bffd-261f-4d5b-9015-f2e5fc31c9c9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_win_mex.yar b/yara_rules/malware_win_mex.yar
similarity index 98%
rename from yara_rules/sekoiaio_malware_win_mex.yar
rename to yara_rules/malware_win_mex.yar
index 7669471..47fbf29 100644
--- a/yara_rules/sekoiaio_malware_win_mex.yar
+++ b/yara_rules/malware_win_mex.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_win_mex {
+rule malware_win_mex {
 meta:
 id = "57fe8525-4bab-4078-ac6f-635f0f7963ec"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_malware_win_passlib.yar b/yara_rules/malware_win_passlib.yar
similarity index 97%
rename from yara_rules/sekoiaio_malware_win_passlib.yar
rename to yara_rules/malware_win_passlib.yar
index 123630a..179f93d 100644
--- a/yara_rules/sekoiaio_malware_win_passlib.yar
+++ b/yara_rules/malware_win_passlib.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_malware_win_passlib {
+rule malware_win_passlib {
 meta:
 id = "609999e2-a644-4bf3-bce2-b0e1b0e7094b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_manjusaka_samples.yar b/yara_rules/manjusaka_samples.yar
similarity index 97%
rename from yara_rules/sekoiaio_manjusaka_samples.yar
rename to yara_rules/manjusaka_samples.yar
index 6a21821..165a321 100644
--- a/yara_rules/sekoiaio_manjusaka_samples.yar
+++ b/yara_rules/manjusaka_samples.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_manjusaka_samples {
+rule manjusaka_samples {
 meta:
 id = "7aa8edb3-2e67-4632-af68-5b65c9aefe39"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_merlin_crossplatform.yar b/yara_rules/merlin_crossplatform.yar
similarity index 94%
rename from yara_rules/sekoiaio_merlin_crossplatform.yar
rename to yara_rules/merlin_crossplatform.yar
index acbefa1..b56358b 100644
--- a/yara_rules/sekoiaio_merlin_crossplatform.yar
+++ b/yara_rules/merlin_crossplatform.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_merlin_crossplatform {
+rule merlin_crossplatform {
 meta:
 id = "c9c57f5e-26c3-43be-b2cf-10f5129d3be6"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_merlin_linux_elf.yar b/yara_rules/merlin_linux_elf.yar
similarity index 97%
rename from yara_rules/sekoiaio_merlin_linux_elf.yar
rename to yara_rules/merlin_linux_elf.yar
index ada12fb..09e8b8f 100644
--- a/yara_rules/sekoiaio_merlin_linux_elf.yar
+++ b/yara_rules/merlin_linux_elf.yar
@@ -1,7 +1,7 @@
 import "elf"
 import "hash"
-rule sekoiaio_merlin_linux_elf {
+rule merlin_linux_elf {
 meta:
 id = "d9c57f5e-26c3-43be-b2cf-10f5129d3be6"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_merlin_win_dll.yar b/yara_rules/merlin_win_dll.yar
similarity index 98%
rename from yara_rules/sekoiaio_merlin_win_dll.yar
rename to yara_rules/merlin_win_dll.yar
index 3d9b1c8..7d1c2d6 100644
--- a/yara_rules/sekoiaio_merlin_win_dll.yar
+++ b/yara_rules/merlin_win_dll.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_merlin_win_dll {
+rule merlin_win_dll {
 meta:
 id = "c9c57f5e-26c3-43be-b2cf-10f5129d3be5"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_merlin_win_exe.yar b/yara_rules/merlin_win_exe.yar
similarity index 96%
rename from yara_rules/sekoiaio_merlin_win_exe.yar
rename to yara_rules/merlin_win_exe.yar
index 303e808..a3dbf2c 100644
--- a/yara_rules/sekoiaio_merlin_win_exe.yar
+++ b/yara_rules/merlin_win_exe.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_merlin_win_exe {
+rule merlin_win_exe {
 meta:
 id = "c9c57f5e-26c3-43be-b2cf-10f5129d3be4"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_miner_lin_xmrig_strings.yar b/yara_rules/miner_lin_xmrig_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_miner_lin_xmrig_strings.yar
rename to yara_rules/miner_lin_xmrig_strings.yar
index 53e2638..991bc48 100644
--- a/yara_rules/sekoiaio_miner_lin_xmrig_strings.yar
+++ b/yara_rules/miner_lin_xmrig_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_miner_lin_xmrig_strings {
+rule miner_lin_xmrig_strings {
 meta:
 id = "2f99020b-424c-4433-860c-5e9ab4e1f1de"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_miner_win_xmrig_strings.yar b/yara_rules/miner_win_xmrig_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_miner_win_xmrig_strings.yar
rename to yara_rules/miner_win_xmrig_strings.yar
index 7587f9f..e2be74a 100644
--- a/yara_rules/sekoiaio_miner_win_xmrig_strings.yar
+++ b/yara_rules/miner_win_xmrig_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_miner_win_xmrig_strings {
+rule miner_win_xmrig_strings {
 meta:
 id = "35f203aa-20cd-4235-9ead-b34be14255d5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_nomercy.yar b/yara_rules/nomercy.yar
similarity index 99%
rename from yara_rules/sekoiaio_nomercy.yar
rename to yara_rules/nomercy.yar
index 1cd35c8..f28f24b 100644
--- a/yara_rules/sekoiaio_nomercy.yar
+++ b/yara_rules/nomercy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_nomercy {
+rule nomercy {
 meta:
 id = "2591f74b-8ab8-45ef-ba64-62a93df305c1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_observerstealer.yar b/yara_rules/observerstealer.yar
similarity index 95%
rename from yara_rules/sekoiaio_observerstealer.yar
rename to yara_rules/observerstealer.yar
index 7d1ab37..d56d253 100644
--- a/yara_rules/sekoiaio_observerstealer.yar
+++ b/yara_rules/observerstealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_observerstealer {
+rule observerstealer {
 meta:
 id = "52314870-c100-441d-9ccf-07588325a401"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_pe_princeransomware_strings.yar b/yara_rules/pe_princeransomware_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_pe_princeransomware_strings.yar
rename to yara_rules/pe_princeransomware_strings.yar
index 12593eb..83100f9 100644
--- a/yara_rules/sekoiaio_pe_princeransomware_strings.yar
+++ b/yara_rules/pe_princeransomware_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_pe_princeransomware_strings {
+rule pe_princeransomware_strings {
 meta:
 id = "9c5cad6e-2b11-469c-ace1-2dc51562b035"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_pe_stealer_axilestealer_strings.yar b/yara_rules/pe_stealer_axilestealer_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_pe_stealer_axilestealer_strings.yar
rename to yara_rules/pe_stealer_axilestealer_strings.yar
index 9067df4..b865b9d 100644
--- a/yara_rules/sekoiaio_pe_stealer_axilestealer_strings.yar
+++ b/yara_rules/pe_stealer_axilestealer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_pe_stealer_axilestealer_strings {
+rule pe_stealer_axilestealer_strings {
 meta:
 id = "412bfc3e-6bb7-4b0d-8bb3-96eae0cc9782"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_pe_stealer_scarletstealer_strings.yar b/yara_rules/pe_stealer_scarletstealer_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_pe_stealer_scarletstealer_strings.yar
rename to yara_rules/pe_stealer_scarletstealer_strings.yar
index 45529cb..a5347cc 100644
--- a/yara_rules/sekoiaio_pe_stealer_scarletstealer_strings.yar
+++ b/yara_rules/pe_stealer_scarletstealer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_pe_stealer_scarletstealer_strings {
+rule pe_stealer_scarletstealer_strings {
 meta:
 id = "ca930851-513f-44e5-abb4-ca0edfde3428"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_platypus_winlinmac_strings.yar b/yara_rules/platypus_winlinmac_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_platypus_winlinmac_strings.yar
rename to yara_rules/platypus_winlinmac_strings.yar
index f858e31..187981e 100644
--- a/yara_rules/sekoiaio_platypus_winlinmac_strings.yar
+++ b/yara_rules/platypus_winlinmac_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_platypus_winlinmac_strings {
+rule platypus_winlinmac_strings {
 meta:
 id = "4519448d-b91b-4794-9521-359b8cf4af78"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_plugx_final_payload.yar b/yara_rules/plugx_final_payload.yar
similarity index 95%
rename from yara_rules/sekoiaio_plugx_final_payload.yar
rename to yara_rules/plugx_final_payload.yar
index de16a5c..f2827dc 100644
--- a/yara_rules/sekoiaio_plugx_final_payload.yar
+++ b/yara_rules/plugx_final_payload.yar
@@ -1,6 +1,6 @@
 import "pe"

-rule sekoiaio_plugx_final_payload {
+rule plugx_final_payload {
 meta:
 id = "a4047324-81a7-4c17-be84-c0fa479d2f89"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_radx_stealer.yar b/yara_rules/radx_stealer.yar
similarity index 96%
rename from yara_rules/sekoiaio_radx_stealer.yar
rename to yara_rules/radx_stealer.yar
index 07fdcc0..6b412e9 100644
--- a/yara_rules/sekoiaio_radx_stealer.yar
+++ b/yara_rules/radx_stealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_radx_stealer {
+rule radx_stealer {
 meta:
 id = "bf2aae08-169c-4bc9-a1ac-80f4b79ef6d7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_lin_avoslocker_sections.yar b/yara_rules/ransomware_lin_avoslocker_sections.yar
similarity index 97%
rename from yara_rules/sekoiaio_ransomware_lin_avoslocker_sections.yar
rename to yara_rules/ransomware_lin_avoslocker_sections.yar
index f851b3f..701b842 100644
--- a/yara_rules/sekoiaio_ransomware_lin_avoslocker_sections.yar
+++ b/yara_rules/ransomware_lin_avoslocker_sections.yar
@@ -1,7 +1,7 @@
 import "elf"
 import "hash"

-rule sekoiaio_ransomware_lin_avoslocker_sections {
+rule ransomware_lin_avoslocker_sections {
 meta:
 id = "3a7bf14d-24fb-47c9-b073-dd734f808983"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_lin_avoslocker_strings.yar b/yara_rules/ransomware_lin_avoslocker_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_ransomware_lin_avoslocker_strings.yar
rename to yara_rules/ransomware_lin_avoslocker_strings.yar
index ef9d9db..46ee072 100644
--- a/yara_rules/sekoiaio_ransomware_lin_avoslocker_strings.yar
+++ b/yara_rules/ransomware_lin_avoslocker_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_lin_avoslocker_strings {
+rule ransomware_lin_avoslocker_strings {
 meta:
 version = "1.0"
 description = "Detect AvosLocker ransomware for Linux by using strings from its ransom note and the onion domains"
diff --git a/yara_rules/sekoiaio_ransomware_linux_icefire_2023.yar b/yara_rules/ransomware_linux_icefire_2023.yar
similarity index 95%
rename from yara_rules/sekoiaio_ransomware_linux_icefire_2023.yar
rename to yara_rules/ransomware_linux_icefire_2023.yar
index 92b2fc6..4c70bba 100644
--- a/yara_rules/sekoiaio_ransomware_linux_icefire_2023.yar
+++ b/yara_rules/ransomware_linux_icefire_2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_linux_icefire_2023 {
+rule ransomware_linux_icefire_2023 {
 meta:
 id = "b04964f4-3fdc-4745-9f4a-95a5a79bc7e1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_mallox.yar b/yara_rules/ransomware_mallox.yar
similarity index 98%
rename from yara_rules/sekoiaio_ransomware_mallox.yar
rename to yara_rules/ransomware_mallox.yar
index 3ffc0b9..3bc30db 100644
--- a/yara_rules/sekoiaio_ransomware_mallox.yar
+++ b/yara_rules/ransomware_mallox.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_mallox {
+rule ransomware_mallox {
 meta:
 id = "7e2edc94-26e4-4024-8bc0-8e90d76f5a96"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_agenda.yar b/yara_rules/ransomware_win_agenda.yar
similarity index 96%
rename from yara_rules/sekoiaio_ransomware_win_agenda.yar
rename to yara_rules/ransomware_win_agenda.yar
index 5db670e..c9f05e3 100644
--- a/yara_rules/sekoiaio_ransomware_win_agenda.yar
+++ b/yara_rules/ransomware_win_agenda.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_agenda {
+rule ransomware_win_agenda {
 meta:
 version = "1.0"
 description = "Finds Agenda ransomware (aka Qilin) samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_ransomware_win_avoslocker.yar b/yara_rules/ransomware_win_avoslocker.yar
similarity index 95%
rename from yara_rules/sekoiaio_ransomware_win_avoslocker.yar
rename to yara_rules/ransomware_win_avoslocker.yar
index e9621b6..0376dbc 100644
--- a/yara_rules/sekoiaio_ransomware_win_avoslocker.yar
+++ b/yara_rules/ransomware_win_avoslocker.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_avoslocker {
+rule ransomware_win_avoslocker {
 meta:
 id = "fc5c2483-48cb-4282-b6cb-ac728b948607"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_blackcat.yar b/yara_rules/ransomware_win_blackcat.yar
similarity index 96%
rename from yara_rules/sekoiaio_ransomware_win_blackcat.yar
rename to yara_rules/ransomware_win_blackcat.yar
index 1f17e1e..5c53350 100644
--- a/yara_rules/sekoiaio_ransomware_win_blackcat.yar
+++ b/yara_rules/ransomware_win_blackcat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_blackcat {
+rule ransomware_win_blackcat {
 meta:
 id = "873355f7-3942-4171-9df7-f524bb6b6903"
 description = "Detect the BlackCat ransomware (Windows version)"
diff --git a/yara_rules/sekoiaio_ransomware_win_blackmatter.yar b/yara_rules/ransomware_win_blackmatter.yar
similarity index 92%
rename from yara_rules/sekoiaio_ransomware_win_blackmatter.yar
rename to yara_rules/ransomware_win_blackmatter.yar
index c686631..e2e7257 100644
--- a/yara_rules/sekoiaio_ransomware_win_blackmatter.yar
+++ b/yara_rules/ransomware_win_blackmatter.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"

-rule sekoiaio_ransomware_win_blackmatter {
+rule ransomware_win_blackmatter {
 meta:
 id = "9b2d8ac3-b4d1-40f5-ac57-411547dcb2cf"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_chaos.yar b/yara_rules/ransomware_win_chaos.yar
similarity index 97%
rename from yara_rules/sekoiaio_ransomware_win_chaos.yar
rename to yara_rules/ransomware_win_chaos.yar
index 518a75b..c073a8d 100644
--- a/yara_rules/sekoiaio_ransomware_win_chaos.yar
+++ b/yara_rules/ransomware_win_chaos.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_chaos {
+rule ransomware_win_chaos {
 meta:
 id = "c1876a18-0618-44e2-8919-b4a041de97e7"
 description = "Detects the Chaos Ransomware"
diff --git a/yara_rules/sekoiaio_ransomware_win_dodo_2023.yar b/yara_rules/ransomware_win_dodo_2023.yar
similarity index 95%
rename from yara_rules/sekoiaio_ransomware_win_dodo_2023.yar
rename to yara_rules/ransomware_win_dodo_2023.yar
index c29d3ba..fea42be 100644
--- a/yara_rules/sekoiaio_ransomware_win_dodo_2023.yar
+++ b/yara_rules/ransomware_win_dodo_2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_dodo_2023 {
+rule ransomware_win_dodo_2023 {
 meta:
 id = "190977d4-5a7a-4e15-8f90-085f82ec56c8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_eking_rich_header.yar b/yara_rules/ransomware_win_eking_rich_header.yar
similarity index 89%
rename from yara_rules/sekoiaio_ransomware_win_eking_rich_header.yar
rename to yara_rules/ransomware_win_eking_rich_header.yar
index d52f76e..38b7bb4 100644
--- a/yara_rules/sekoiaio_ransomware_win_eking_rich_header.yar
+++ b/yara_rules/ransomware_win_eking_rich_header.yar
@@ -1,7 +1,7 @@
 import "hash"
 import "pe"

-rule sekoiaio_ransomware_win_eking_rich_header {
+rule ransomware_win_eking_rich_header {
 meta:
 id = "9fe76f89-f27a-4a47-a61c-2d767a1a8acb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_fonix.yar b/yara_rules/ransomware_win_fonix.yar
similarity index 92%
rename from yara_rules/sekoiaio_ransomware_win_fonix.yar
rename to yara_rules/ransomware_win_fonix.yar
index 5e5f514..85ea38e 100644
--- a/yara_rules/sekoiaio_ransomware_win_fonix.yar
+++ b/yara_rules/ransomware_win_fonix.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_fonix {
+rule ransomware_win_fonix {
 meta:
 id = "b28467d5-69a0-4a8b-8938-8fdac2ae8d19"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_honkai_jan2023.yar b/yara_rules/ransomware_win_honkai_jan2023.yar
similarity index 94%
rename from yara_rules/sekoiaio_ransomware_win_honkai_jan2023.yar
rename to yara_rules/ransomware_win_honkai_jan2023.yar
index 5db8edd..95212f4 100644
--- a/yara_rules/sekoiaio_ransomware_win_honkai_jan2023.yar
+++ b/yara_rules/ransomware_win_honkai_jan2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_honkai_jan2023 {
+rule ransomware_win_honkai_jan2023 {
 meta:
 id = "6ef91cb5-e122-4f91-bc15-3813b8f91cbf"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_karma.yar b/yara_rules/ransomware_win_karma.yar
similarity index 94%
rename from yara_rules/sekoiaio_ransomware_win_karma.yar
rename to yara_rules/ransomware_win_karma.yar
index c3c8a40..e1151c2 100644
--- a/yara_rules/sekoiaio_ransomware_win_karma.yar
+++ b/yara_rules/ransomware_win_karma.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_karma {
+rule ransomware_win_karma {
 meta:
 id = "efd87a17-7c99-404a-8ea6-2f5c2121f9f2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_lorenz.yar b/yara_rules/ransomware_win_lorenz.yar
similarity index 96%
rename from yara_rules/sekoiaio_ransomware_win_lorenz.yar
rename to yara_rules/ransomware_win_lorenz.yar
index e909d7f..3ff3176 100644
--- a/yara_rules/sekoiaio_ransomware_win_lorenz.yar
+++ b/yara_rules/ransomware_win_lorenz.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_lorenz {
+rule ransomware_win_lorenz {
 meta:
 id = "6936cc61-efe5-4d13-b76f-e808ab331457"
 version = "1.1"
diff --git a/yara_rules/sekoiaio_ransomware_win_masons_jan2023.yar b/yara_rules/ransomware_win_masons_jan2023.yar
similarity index 92%
rename from yara_rules/sekoiaio_ransomware_win_masons_jan2023.yar
rename to yara_rules/ransomware_win_masons_jan2023.yar
index 90ddd8f..e1b3d14 100644
--- a/yara_rules/sekoiaio_ransomware_win_masons_jan2023.yar
+++ b/yara_rules/ransomware_win_masons_jan2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_masons_jan2023 {
+rule ransomware_win_masons_jan2023 {
 meta:
 id = "cf2af08b-b4a8-4245-9308-242e15aeb346"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_raworld.yar b/yara_rules/ransomware_win_raworld.yar
similarity index 94%
rename from yara_rules/sekoiaio_ransomware_win_raworld.yar
rename to yara_rules/ransomware_win_raworld.yar
index a05569e..40be9b0 100644
--- a/yara_rules/sekoiaio_ransomware_win_raworld.yar
+++ b/yara_rules/ransomware_win_raworld.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_raworld {
+rule ransomware_win_raworld {
 meta:
 id = "a9ed9c5a-7a0e-4c2e-90f4-d52f5589b2b8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_redeemer.yar b/yara_rules/ransomware_win_redeemer.yar
similarity index 96%
rename from yara_rules/sekoiaio_ransomware_win_redeemer.yar
rename to yara_rules/ransomware_win_redeemer.yar
index f6fb9a8..620e6eb 100644
--- a/yara_rules/sekoiaio_ransomware_win_redeemer.yar
+++ b/yara_rules/ransomware_win_redeemer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_redeemer {
+rule ransomware_win_redeemer {
 meta:
 version = "1.0"
 description = "Finds Redeemer samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_ransomware_win_scransom.yar b/yara_rules/ransomware_win_scransom.yar
similarity index 96%
rename from yara_rules/sekoiaio_ransomware_win_scransom.yar
rename to yara_rules/ransomware_win_scransom.yar
index a6c346a..b3f7f6a 100644
--- a/yara_rules/sekoiaio_ransomware_win_scransom.yar
+++ b/yara_rules/ransomware_win_scransom.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_scransom {
+rule ransomware_win_scransom {
 meta:
 id = "ea799295-1332-49c6-9816-035b91fc9b4f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_shrinklocker.yar b/yara_rules/ransomware_win_shrinklocker.yar
similarity index 95%
rename from yara_rules/sekoiaio_ransomware_win_shrinklocker.yar
rename to yara_rules/ransomware_win_shrinklocker.yar
index 6b634f8..3b8e29f 100644
--- a/yara_rules/sekoiaio_ransomware_win_shrinklocker.yar
+++ b/yara_rules/ransomware_win_shrinklocker.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_shrinklocker {
+rule ransomware_win_shrinklocker {
 meta:
 id = "93a6fbdd-ad62-456a-a1a5-b5ae3b242004"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_voidcrypt.yar b/yara_rules/ransomware_win_voidcrypt.yar
similarity index 92%
rename from yara_rules/sekoiaio_ransomware_win_voidcrypt.yar
rename to yara_rules/ransomware_win_voidcrypt.yar
index 30601f7..dd9dd4d 100644
--- a/yara_rules/sekoiaio_ransomware_win_voidcrypt.yar
+++ b/yara_rules/ransomware_win_voidcrypt.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_voidcrypt {
+rule ransomware_win_voidcrypt {
 meta:
 id = "394033cc-20fe-4ced-8d77-5f1061bb8c96"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ransomware_win_wing.yar b/yara_rules/ransomware_win_wing.yar
similarity index 98%
rename from yara_rules/sekoiaio_ransomware_win_wing.yar
rename to yara_rules/ransomware_win_wing.yar
index b4f9a84..c60a0d4 100644
--- a/yara_rules/sekoiaio_ransomware_win_wing.yar
+++ b/yara_rules/ransomware_win_wing.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ransomware_win_wing {
+rule ransomware_win_wing {
 meta:
 id = "c2fe8321-8013-4aa4-91a6-c0face3e6b52"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_darkvision_string.yar b/yara_rules/rat_darkvision_string.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_darkvision_string.yar
rename to yara_rules/rat_darkvision_string.yar
index 3135a04..b6dfa59 100644
--- a/yara_rules/sekoiaio_rat_darkvision_string.yar
+++ b/yara_rules/rat_darkvision_string.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_darkvision_string {
+rule rat_darkvision_string {
 meta:
 id = "ab698a79-42ee-452a-a3ba-1a9872d5e2bc"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_lin_gobrat_2023.yar b/yara_rules/rat_lin_gobrat_2023.yar
similarity index 95%
rename from yara_rules/sekoiaio_rat_lin_gobrat_2023.yar
rename to yara_rules/rat_lin_gobrat_2023.yar
index e50ba15..2b3285e 100644
--- a/yara_rules/sekoiaio_rat_lin_gobrat_2023.yar
+++ b/yara_rules/rat_lin_gobrat_2023.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_lin_gobrat_2023 {
+rule rat_lin_gobrat_2023 {
 meta:
 id = "ca36a586-f87f-445f-95dc-52d447c1d2a2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_arrow_str.yar b/yara_rules/rat_win_arrow_str.yar
similarity index 97%
rename from yara_rules/sekoiaio_rat_win_arrow_str.yar
rename to yara_rules/rat_win_arrow_str.yar
index 2ece4b8..79b1930 100644
--- a/yara_rules/sekoiaio_rat_win_arrow_str.yar
+++ b/yara_rules/rat_win_arrow_str.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_arrow_str {
+rule rat_win_arrow_str {
 meta:
 version = "1.0"
 description = "Finds Arrow RAT samples based on the specific malware strings"
diff --git a/yara_rules/sekoiaio_rat_win_asbit.yar b/yara_rules/rat_win_asbit.yar
similarity index 95%
rename from yara_rules/sekoiaio_rat_win_asbit.yar
rename to yara_rules/rat_win_asbit.yar
index 0cb700d..a0af7ea 100644
--- a/yara_rules/sekoiaio_rat_win_asbit.yar
+++ b/yara_rules/rat_win_asbit.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_asbit {
+rule rat_win_asbit {
 meta:
 version = "1.0"
 description = "Finds Asbit samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_rat_win_asyncrat.yar b/yara_rules/rat_win_asyncrat.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_asyncrat.yar
rename to yara_rules/rat_win_asyncrat.yar
index 46281bc..d208ab9 100644
--- a/yara_rules/sekoiaio_rat_win_asyncrat.yar
+++ b/yara_rules/rat_win_asyncrat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_asyncrat {
+rule rat_win_asyncrat {
 meta:
 id = "d698e4a1-77ff-4cd7-acb3-27fb16168ceb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_atharvan.yar b/yara_rules/rat_win_atharvan.yar
similarity index 91%
rename from yara_rules/sekoiaio_rat_win_atharvan.yar
rename to yara_rules/rat_win_atharvan.yar
index e65f584..cf81bc6 100644
--- a/yara_rules/sekoiaio_rat_win_atharvan.yar
+++ b/yara_rules/rat_win_atharvan.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_atharvan {
+rule rat_win_atharvan {
 meta:
 id = "61347490-d281-4892-adba-89cf6187545f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_babylon.yar b/yara_rules/rat_win_babylon.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_babylon.yar
rename to yara_rules/rat_win_babylon.yar
index 8a54f74..75efcb9 100644
--- a/yara_rules/sekoiaio_rat_win_babylon.yar
+++ b/yara_rules/rat_win_babylon.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_babylon {
+rule rat_win_babylon {
 meta:
 id = "ba9ab80a-ad7e-4746-aff2-9328440cbb25"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_borat.yar b/yara_rules/rat_win_borat.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_borat.yar
rename to yara_rules/rat_win_borat.yar
index 166446a..09daa39 100644
--- a/yara_rules/sekoiaio_rat_win_borat.yar
+++ b/yara_rules/rat_win_borat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_borat {
+rule rat_win_borat {
 meta:
 id = "9f8badb3-ee8b-45d9-8515-c847351bb1f5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_dcrat_qwqdanchun.yar b/yara_rules/rat_win_dcrat_qwqdanchun.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_dcrat_qwqdanchun.yar
rename to yara_rules/rat_win_dcrat_qwqdanchun.yar
index db567a3..b12f858 100644
--- a/yara_rules/sekoiaio_rat_win_dcrat_qwqdanchun.yar
+++ b/yara_rules/rat_win_dcrat_qwqdanchun.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_dcrat_qwqdanchun {
+rule rat_win_dcrat_qwqdanchun {
 meta:
 id = "8206a410-48b3-425f-9dcb-7a528673a37a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_hiddenz.yar b/yara_rules/rat_win_hiddenz.yar
similarity index 94%
rename from yara_rules/sekoiaio_rat_win_hiddenz.yar
rename to yara_rules/rat_win_hiddenz.yar
index a4c3f86..a8a6795 100644
--- a/yara_rules/sekoiaio_rat_win_hiddenz.yar
+++ b/yara_rules/rat_win_hiddenz.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_hiddenz {
+rule rat_win_hiddenz {
 meta:
 id = "4e582cda-4c50-4554-8e26-9d26206a02ee"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_konni_rat.yar b/yara_rules/rat_win_konni_rat.yar
similarity index 94%
rename from yara_rules/sekoiaio_rat_win_konni_rat.yar
rename to yara_rules/rat_win_konni_rat.yar
index 2261ceb..d34f6aa 100644
--- a/yara_rules/sekoiaio_rat_win_konni_rat.yar
+++ b/yara_rules/rat_win_konni_rat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_konni_rat {
+rule rat_win_konni_rat {
 meta:
 id = "032f1c79-6f03-4588-a4af-38b1f3ca1cb8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_lilith.yar b/yara_rules/rat_win_lilith.yar
similarity index 94%
rename from yara_rules/sekoiaio_rat_win_lilith.yar
rename to yara_rules/rat_win_lilith.yar
index 84f547d..e8cf910 100644
--- a/yara_rules/sekoiaio_rat_win_lilith.yar
+++ b/yara_rules/rat_win_lilith.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_lilith {
+rule rat_win_lilith {
 meta:
 id = "944637e6-c4e4-423f-9f4c-a26b4fce3729"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_millenium.yar b/yara_rules/rat_win_millenium.yar
similarity index 97%
rename from yara_rules/sekoiaio_rat_win_millenium.yar
rename to yara_rules/rat_win_millenium.yar
index 7d74568..9b45c38 100644
--- a/yara_rules/sekoiaio_rat_win_millenium.yar
+++ b/yara_rules/rat_win_millenium.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_millenium {
+rule rat_win_millenium {
 meta:
 version = "1.0"
 description = "Finds MilleniumRAT samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_rat_win_nighthawk.yar b/yara_rules/rat_win_nighthawk.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_nighthawk.yar
rename to yara_rules/rat_win_nighthawk.yar
index 285c818..e638c92 100644
--- a/yara_rules/sekoiaio_rat_win_nighthawk.yar
+++ b/yara_rules/rat_win_nighthawk.yar
@@ -1,6 +1,6 @@
 import "pe"

-rule sekoiaio_rat_win_nighthawk {
+rule rat_win_nighthawk {
 meta:
 version = "1.0"
 description = "Detects Nighthawk RAT"
diff --git a/yara_rules/sekoiaio_rat_win_ninerat.yar b/yara_rules/rat_win_ninerat.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_ninerat.yar
rename to yara_rules/rat_win_ninerat.yar
index 13d8b12..a6cb496 100644
--- a/yara_rules/sekoiaio_rat_win_ninerat.yar
+++ b/yara_rules/rat_win_ninerat.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"

-rule sekoiaio_rat_win_ninerat {
+rule rat_win_ninerat {
 meta:
 id = "a9f4f78b-5b86-4ac1-9b9b-ba2672b938bf"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_ratel_strings.yar b/yara_rules/rat_win_ratel_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_rat_win_ratel_strings.yar
rename to yara_rules/rat_win_ratel_strings.yar
index 89ff5de..2b65def 100644
--- a/yara_rules/sekoiaio_rat_win_ratel_strings.yar
+++ b/yara_rules/rat_win_ratel_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_ratel_strings {
+rule rat_win_ratel_strings {
 meta:
 id = "d0c8b89b-c811-47aa-9e03-717998c40d91"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_remcos.yar b/yara_rules/rat_win_remcos.yar
similarity index 97%
rename from yara_rules/sekoiaio_rat_win_remcos.yar
rename to yara_rules/rat_win_remcos.yar
index d2fa65a..ddabc54 100644
--- a/yara_rules/sekoiaio_rat_win_remcos.yar
+++ b/yara_rules/rat_win_remcos.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_remcos {
+rule rat_win_remcos {
 meta:
 id = "011132f5-c5d9-4e97-bfed-0b94c9a30481"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_reverserat.yar b/yara_rules/rat_win_reverserat.yar
similarity index 95%
rename from yara_rules/sekoiaio_rat_win_reverserat.yar
rename to yara_rules/rat_win_reverserat.yar
index 02d213e..c38bfad 100644
--- a/yara_rules/sekoiaio_rat_win_reverserat.yar
+++ b/yara_rules/rat_win_reverserat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_reverserat {
+rule rat_win_reverserat {
 meta:
 id = "8fbd395f-f44e-46d5-a942-7c7e88f37127"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_romcom_payload.yar b/yara_rules/rat_win_romcom_payload.yar
similarity index 92%
rename from yara_rules/sekoiaio_rat_win_romcom_payload.yar
rename to yara_rules/rat_win_romcom_payload.yar
index d453a91..ab9927f 100644
--- a/yara_rules/sekoiaio_rat_win_romcom_payload.yar
+++ b/yara_rules/rat_win_romcom_payload.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"

-rule sekoiaio_rat_win_romcom_payload {
+rule rat_win_romcom_payload {
 meta:
 id = "c391f84c-f0cb-42d8-a8d8-d59725bf74c2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_tutclient.yar b/yara_rules/rat_win_tutclient.yar
similarity index 95%
rename from yara_rules/sekoiaio_rat_win_tutclient.yar
rename to yara_rules/rat_win_tutclient.yar
index 032ce51..9239709 100644
--- a/yara_rules/sekoiaio_rat_win_tutclient.yar
+++ b/yara_rules/rat_win_tutclient.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_tutclient {
+rule rat_win_tutclient {
 meta:
 id = "2bd2d61f-3654-4acd-9773-8d3617c67ee0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_xeno_rat.yar b/yara_rules/rat_win_xeno_rat.yar
similarity index 94%
rename from yara_rules/sekoiaio_rat_win_xeno_rat.yar
rename to yara_rules/rat_win_xeno_rat.yar
index 4b2a379..9ce6ddc 100644
--- a/yara_rules/sekoiaio_rat_win_xeno_rat.yar
+++ b/yara_rules/rat_win_xeno_rat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_xeno_rat {
+rule rat_win_xeno_rat {
 meta:
 id = "4be1ff07-8180-42a8-9f51-b5e17bf23442"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rat_win_xworm_v2.yar b/yara_rules/rat_win_xworm_v2.yar
similarity index 97%
rename from yara_rules/sekoiaio_rat_win_xworm_v2.yar
rename to yara_rules/rat_win_xworm_v2.yar
index e678a39..1196038 100644
--- a/yara_rules/sekoiaio_rat_win_xworm_v2.yar
+++ b/yara_rules/rat_win_xworm_v2.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_xworm_v2 {
+rule rat_win_xworm_v2 {
 meta:
 version = "1.0"
 description = "Finds XWorm v2 samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_rat_win_xworm_v3.yar b/yara_rules/rat_win_xworm_v3.yar
similarity index 97%
rename from yara_rules/sekoiaio_rat_win_xworm_v3.yar
rename to yara_rules/rat_win_xworm_v3.yar
index 3d9fa43..dde879a 100644
--- a/yara_rules/sekoiaio_rat_win_xworm_v3.yar
+++ b/yara_rules/rat_win_xworm_v3.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rat_win_xworm_v3 {
+rule rat_win_xworm_v3 {
 meta:
 version = "1.0"
 description = "Finds XWorm (version XClient, v3) samples based on characteristic strings"
diff --git a/yara_rules/sekoiaio_recotool_adfind_strings.yar b/yara_rules/recotool_adfind_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_recotool_adfind_strings.yar
rename to yara_rules/recotool_adfind_strings.yar
index 27a19f3..2748af1 100644
--- a/yara_rules/sekoiaio_recotool_adfind_strings.yar
+++ b/yara_rules/recotool_adfind_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_recotool_adfind_strings {
+rule recotool_adfind_strings {
 meta:
 id = "afca88ef-756a-4b2b-91d7-d18d730e7074"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_reverseshell_win_1st_troy.yar b/yara_rules/reverseshell_win_1st_troy.yar
similarity index 97%
rename from yara_rules/sekoiaio_reverseshell_win_1st_troy.yar
rename to yara_rules/reverseshell_win_1st_troy.yar
index 17d79a7..6d08393 100644
--- a/yara_rules/sekoiaio_reverseshell_win_1st_troy.yar
+++ b/yara_rules/reverseshell_win_1st_troy.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"

-rule sekoiaio_reverseshell_win_1st_troy {
+rule reverseshell_win_1st_troy {
 meta:
 id = "b40b742d-8b1e-4d99-8df5-6cb8c9a7d8bd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rootkit_diamorphine_strings.yar b/yara_rules/rootkit_diamorphine_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_rootkit_diamorphine_strings.yar
rename to yara_rules/rootkit_diamorphine_strings.yar
index a28a5b7..e42f908 100644
--- a/yara_rules/sekoiaio_rootkit_diamorphine_strings.yar
+++ b/yara_rules/rootkit_diamorphine_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rootkit_diamorphine_strings {
+rule rootkit_diamorphine_strings {
 meta:
 id = "5a28be5c-9a57-4204-a7cc-42dfcaa2c2da"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rootkit_lin_winnti.yar b/yara_rules/rootkit_lin_winnti.yar
similarity index 97%
rename from yara_rules/sekoiaio_rootkit_lin_winnti.yar
rename to yara_rules/rootkit_lin_winnti.yar
index 01b6d60..e759635 100644
--- a/yara_rules/sekoiaio_rootkit_lin_winnti.yar
+++ b/yara_rules/rootkit_lin_winnti.yar
@@ -1,7 +1,7 @@
 import "elf"
 import "hash"

-rule sekoiaio_rootkit_lin_winnti {
+rule rootkit_lin_winnti {
 meta:
 id = "c800038e-7f8a-4f24-bf0b-06aba6a828cb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rootkit_win_purplefox_360_tct.yar b/yara_rules/rootkit_win_purplefox_360_tct.yar
similarity index 94%
rename from yara_rules/sekoiaio_rootkit_win_purplefox_360_tct.yar
rename to yara_rules/rootkit_win_purplefox_360_tct.yar
index 801d5e1..14a7efb 100644
--- a/yara_rules/sekoiaio_rootkit_win_purplefox_360_tct.yar
+++ b/yara_rules/rootkit_win_purplefox_360_tct.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rootkit_win_purplefox_360_tct {
+rule rootkit_win_purplefox_360_tct {
 meta:
 id = "e992d574-6a44-4bea-97e2-6d5579ce8d01"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rootkit_win_purplefox_kernel_driver.yar b/yara_rules/rootkit_win_purplefox_kernel_driver.yar
similarity index 95%
rename from yara_rules/sekoiaio_rootkit_win_purplefox_kernel_driver.yar
rename to yara_rules/rootkit_win_purplefox_kernel_driver.yar
index d735c7d..f011738 100644
--- a/yara_rules/sekoiaio_rootkit_win_purplefox_kernel_driver.yar
+++ b/yara_rules/rootkit_win_purplefox_kernel_driver.yar
@@ -1,6 +1,6 @@
 import "pe"

-rule sekoiaio_rootkit_win_purplefox_kernel_driver {
+rule rootkit_win_purplefox_kernel_driver {
 meta:
 id = "798dc20b-76cd-4e31-b9ee-f363fb39cd58"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rootkit_win_purplefox_svchost_txt.yar b/yara_rules/rootkit_win_purplefox_svchost_txt.yar
similarity index 95%
rename from yara_rules/sekoiaio_rootkit_win_purplefox_svchost_txt.yar
rename to yara_rules/rootkit_win_purplefox_svchost_txt.yar
index 66e8d53..eb926d1 100644
--- a/yara_rules/sekoiaio_rootkit_win_purplefox_svchost_txt.yar
+++ b/yara_rules/rootkit_win_purplefox_svchost_txt.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rootkit_win_purplefox_svchost_txt {
+rule rootkit_win_purplefox_svchost_txt {
 meta:
 id = "e992d574-6a44-4bea-97e2-6d5579ce8d02"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_rule_lazarus_generic_downloader_7c3f94702fa7.yar b/yara_rules/rule_lazarus_generic_downloader_7c3f94702fa7.yar
similarity index 90%
rename from yara_rules/sekoiaio_rule_lazarus_generic_downloader_7c3f94702fa7.yar
rename to yara_rules/rule_lazarus_generic_downloader_7c3f94702fa7.yar
index 4fd36cb..9ce1c13 100644
--- a/yara_rules/sekoiaio_rule_lazarus_generic_downloader_7c3f94702fa7.yar
+++ b/yara_rules/rule_lazarus_generic_downloader_7c3f94702fa7.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_rule_lazarus_generic_downloader_7c3f94702fa7 {
+rule rule_lazarus_generic_downloader_7c3f94702fa7 {
 meta:
 id = "eb0f0a91-5e72-4358-91a3-7c3f94702fa7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_infostealer_win_zharkbot_dump.yar b/yara_rules/sekoiaio_infostealer_win_zharkbot_dump.yar
deleted file mode 100644
index 2456bc7..0000000
--- a/yara_rules/sekoiaio_infostealer_win_zharkbot_dump.yar
+++ /dev/null
@@ -1,23 +0,0 @@
-rule sekoiaio_infostealer_win_zharkbot_dump {
- meta:
- id = "84c4f02e-fa59-4ab9-b8e8-077cd23ce117"
- version = "1.0"
- description = "Finds ZharkBot dumps based on specific strings."
- author = "Sekoia.io"
- creation_date = "2024-07-10"
- classification = "TLP:CLEAR"
-
- strings:
- $str01 = "log\\Passwords.txt" ascii
- $str02 = "---------------------------------------------------------------------" ascii
- $str03 = "Browser: %s" ascii
- $str04 = "Stealer: ZharkBOT" ascii
- $str05 = "Failed to decrypt password for URL: %s" ascii
- $str06 = "Closed database and cleaned up!" ascii
- $str07 = "CREATE TEMP TABLE sqlite_temp_master(" ascii
- $str08 = "(OpiumG4ng Win32)" wide
-
- condition:
- uint16(0)==0x5A4D and (5 of them or $str08)
-}
-
\ No newline at end of file
diff --git a/yara_rules/sekoiaio_loader_win_truebot_dec22.yar b/yara_rules/sekoiaio_loader_win_truebot_dec22.yar
deleted file mode 100644
index 10e3a63..0000000
--- a/yara_rules/sekoiaio_loader_win_truebot_dec22.yar
+++ /dev/null
@@ -1,30 +0,0 @@
-import "pe"
-
-rule sekoiaio_loader_win_truebot_dec22 {
- meta:
- version = "1.0"
- description = "Finds TrueBot DLL based on characteristic strings"
- author = "Sekoia.io"
- creation_date = "2022-12-12"
- id = "21e2c57c-8579-4312-b188-bc9171e37e5f"
- classification = "TLP:CLEAR"
-
- strings:
- $str0 = "GetProcessWindowStation"
- $str1 = "GetUserObjectInformationW"
- $str2 = "GetLastActivePopup"
- $str3 = "GetActiveWindow"
- $str4 = "VirtualProtect"
- $str5 = "IsDebuggerPresent"
-
- $cle0 = "process call create \"powershell -executionpolicy bypass -nop -w hidden %s" ascii
- $cle1 = "%s\\%08x-%08x.ps1" ascii
- $cle2 = "POST %s HTTP/1.0" ascii
- $cle3 = "%s\\rundll32.exe" wide
-
- condition:
- uint16(0)==0x5A4D and (all of ($str*) or 1 of ($cle*))
- and (pe.exports("ChkdskExs") or pe.exports("fff"))
- and filesize < 1MB
-}
-
\ No newline at end of file
diff --git a/yara_rules/sekoiaio_trojan_win_bazarloader_setscreen.yar b/yara_rules/sekoiaio_trojan_win_bazarloader_setscreen.yar
deleted file mode 100644
index c23a426..0000000
--- a/yara_rules/sekoiaio_trojan_win_bazarloader_setscreen.yar
+++ /dev/null
@@ -1,19 +0,0 @@
-rule sekoiaio_trojan_win_bazarloader_setscreen {
- meta:
- id = "fe2709e5-5cdd-4e52-8ab4-79a56a60bef8"
- author = "Sekoia.io"
- creation_date = "2022-02-02"
- description = "Finds BazarLoader DLL using setscreen as exported entry. (I know this rule is bad but I wanted to experiment YARA rule writing on this specific dll exported entry setscreen)"
- version = "1.0"
- classification = "TLP:CLEAR"
- hash1 = "716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85"
- hash2 = "cf53b4386f5efb01cd84a8aa13f240b83ce152e8984233fa3ea440f01dcc0131"
-
- strings:
- $entry = {44 89 4c 24 ?? 4c 89 44 24 ?? (eb 1a|3a ff 74 0b)}
- $second = {48 89 54 24 ?? 48 89 4c 24 ?? (eb e9|66 3b e4 74 05) 48 83 c4 ?? c3}
-
- condition:
- $second in (@entry..@entry+50)
-}
-
\ No newline at end of file
diff --git a/yara_rules/sekoiaio_shell_win_danfuan.yar b/yara_rules/shell_win_danfuan.yar
similarity index 94%
rename from yara_rules/sekoiaio_shell_win_danfuan.yar
rename to yara_rules/shell_win_danfuan.yar
index adeb085..49c864e 100644
--- a/yara_rules/sekoiaio_shell_win_danfuan.yar
+++ b/yara_rules/shell_win_danfuan.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_shell_win_danfuan {
+rule shell_win_danfuan {
 meta:
 id = "d1cf9988-270b-4a22-bdd5-f40b625715a8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_spyware_and_bahamut.yar b/yara_rules/spyware_and_bahamut.yar
similarity index 95%
rename from yara_rules/sekoiaio_spyware_and_bahamut.yar
rename to yara_rules/spyware_and_bahamut.yar
index 380a6bc..aa6828b 100644
--- a/yara_rules/sekoiaio_spyware_and_bahamut.yar
+++ b/yara_rules/spyware_and_bahamut.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_spyware_and_bahamut {
+rule spyware_and_bahamut {
 meta:
 id = "d416997e-baf1-412c-bf39-905a6e19b65e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_spyware_and_fastfire.yar b/yara_rules/spyware_and_fastfire.yar
similarity index 97%
rename from yara_rules/sekoiaio_spyware_and_fastfire.yar
rename to yara_rules/spyware_and_fastfire.yar
index 85a385c..8742420 100644
--- a/yara_rules/sekoiaio_spyware_and_fastfire.yar
+++ b/yara_rules/spyware_and_fastfire.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_spyware_and_fastfire {
+rule spyware_and_fastfire {
 meta:
 id = "93c0ffd5-faa5-4ead-8848-1c44b459dc29"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_spyware_and_strongpity_mobile_backdoor.yar b/yara_rules/spyware_and_strongpity_mobile_backdoor.yar
similarity index 88%
rename from yara_rules/sekoiaio_spyware_and_strongpity_mobile_backdoor.yar
rename to yara_rules/spyware_and_strongpity_mobile_backdoor.yar
index 772ac8b..63decd0 100644
--- a/yara_rules/sekoiaio_spyware_and_strongpity_mobile_backdoor.yar
+++ b/yara_rules/spyware_and_strongpity_mobile_backdoor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_spyware_and_strongpity_mobile_backdoor {
+rule spyware_and_strongpity_mobile_backdoor {
 meta:
 id = "58ceb85b-d94f-47b2-86e4-59bd41f4fea8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_stealer_win_demotryspy.yar b/yara_rules/stealer_win_demotryspy.yar
similarity index 94%
rename from yara_rules/sekoiaio_stealer_win_demotryspy.yar
rename to yara_rules/stealer_win_demotryspy.yar
index c313e8f..0945074 100644
--- a/yara_rules/sekoiaio_stealer_win_demotryspy.yar
+++ b/yara_rules/stealer_win_demotryspy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_stealer_win_demotryspy {
+rule stealer_win_demotryspy {
 meta:
 id = "70af0e40-b177-49a3-bff4-723f3f4aa375"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_stealer_win_luca.yar b/yara_rules/stealer_win_luca.yar
similarity index 98%
rename from yara_rules/sekoiaio_stealer_win_luca.yar
rename to yara_rules/stealer_win_luca.yar
index 7fb4689..38c805d 100644
--- a/yara_rules/sekoiaio_stealer_win_luca.yar
+++ b/yara_rules/stealer_win_luca.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_stealer_win_luca {
+rule stealer_win_luca {
 meta:
 id = "d2cc1442-0ba5-4e81-9fea-e9e078903eed"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_stealer_win_mgbot_credential_stealer.yar b/yara_rules/stealer_win_mgbot_credential_stealer.yar
similarity index 93%
rename from yara_rules/sekoiaio_stealer_win_mgbot_credential_stealer.yar
rename to yara_rules/stealer_win_mgbot_credential_stealer.yar
index 76dd954..43dbd3b 100644
--- a/yara_rules/sekoiaio_stealer_win_mgbot_credential_stealer.yar
+++ b/yara_rules/stealer_win_mgbot_credential_stealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_stealer_win_mgbot_credential_stealer {
+rule stealer_win_mgbot_credential_stealer {
 meta:
 id = "e06501c1-c842-43f7-a429-9026bc0a4fd4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_stealer_win_strela.yar b/yara_rules/stealer_win_strela.yar
similarity index 95%
rename from yara_rules/sekoiaio_stealer_win_strela.yar
rename to yara_rules/stealer_win_strela.yar
index 2545d62..7a44e7a 100644
--- a/yara_rules/sekoiaio_stealer_win_strela.yar
+++ b/yara_rules/stealer_win_strela.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_stealer_win_strela {
+rule stealer_win_strela {
 meta:
 id = "2c98f84a-4329-476b-98b8-d8e2387b1b69"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_storm_1811_files_dat.yar b/yara_rules/storm_1811_files_dat.yar
similarity index 96%
rename from yara_rules/sekoiaio_storm_1811_files_dat.yar
rename to yara_rules/storm_1811_files_dat.yar
index ef7d99b..99699c8 100644
--- a/yara_rules/sekoiaio_storm_1811_files_dat.yar
+++ b/yara_rules/storm_1811_files_dat.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_storm_1811_files_dat {
+rule storm_1811_files_dat {
 meta:
 id = "8b14f276-0c39-422b-9b19-d96b139a7ae8"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_storm_1811_screenconnect_update.yar b/yara_rules/storm_1811_screenconnect_update.yar
similarity index 94%
rename from yara_rules/sekoiaio_storm_1811_screenconnect_update.yar
rename to yara_rules/storm_1811_screenconnect_update.yar
index e585fea..6ba2f67 100644
--- a/yara_rules/sekoiaio_storm_1811_screenconnect_update.yar
+++ b/yara_rules/storm_1811_screenconnect_update.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_storm_1811_screenconnect_update {
+rule storm_1811_screenconnect_update {
 meta:
 id = "252ef24a-14dc-41e8-ba91-dcb9b6deb428"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_strongpity_malware.yar b/yara_rules/strongpity_malware.yar
similarity index 95%
rename from yara_rules/sekoiaio_strongpity_malware.yar
rename to yara_rules/strongpity_malware.yar
index 81c210e..17c9db7 100644
--- a/yara_rules/sekoiaio_strongpity_malware.yar
+++ b/yara_rules/strongpity_malware.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_strongpity_malware {
+rule strongpity_malware {
 meta:
 id = "f19a685c-599d-42cf-a5d8-7a2375102f97"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_suspicious_users_dev.yar b/yara_rules/suspicious_users_dev.yar
similarity index 93%
rename from yara_rules/sekoiaio_suspicious_users_dev.yar
rename to yara_rules/suspicious_users_dev.yar
index 868de29..f16c2e1 100644
--- a/yara_rules/sekoiaio_suspicious_users_dev.yar
+++ b/yara_rules/suspicious_users_dev.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_suspicious_users_dev {
+rule suspicious_users_dev {
 meta:
 id = "9e8af456-6f84-4922-a262-20b8f5c8a1eb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ta410_control_flow_obfuscation.yar b/yara_rules/ta410_control_flow_obfuscation.yar
similarity index 93%
rename from yara_rules/sekoiaio_ta410_control_flow_obfuscation.yar
rename to yara_rules/ta410_control_flow_obfuscation.yar
index e131e4b..996fc64 100644
--- a/yara_rules/sekoiaio_ta410_control_flow_obfuscation.yar
+++ b/yara_rules/ta410_control_flow_obfuscation.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ta410_control_flow_obfuscation {
+rule ta410_control_flow_obfuscation {
 meta:
 id = "2a784f9b-3624-4c5d-8a64-db7d3c33a8f7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_technique_csv_dde_exec_regex.yar b/yara_rules/technique_csv_dde_exec_regex.yar
similarity index 92%
rename from yara_rules/sekoiaio_technique_csv_dde_exec_regex.yar
rename to yara_rules/technique_csv_dde_exec_regex.yar
index 3b43f3a..96c7e9b 100644
--- a/yara_rules/sekoiaio_technique_csv_dde_exec_regex.yar
+++ b/yara_rules/technique_csv_dde_exec_regex.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_technique_csv_dde_exec_regex {
+rule technique_csv_dde_exec_regex {
 meta:
 id = "71d0e987-51ab-49bc-9d0d-d2f9006af1de"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tinyfluff_nodejs.yar b/yara_rules/tinyfluff_nodejs.yar
similarity index 95%
rename from yara_rules/sekoiaio_tinyfluff_nodejs.yar
rename to yara_rules/tinyfluff_nodejs.yar
index 73ebea2..0cd7344 100644
--- a/yara_rules/sekoiaio_tinyfluff_nodejs.yar
+++ b/yara_rules/tinyfluff_nodejs.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tinyfluff_nodejs {
+rule tinyfluff_nodejs {
 meta:
 id = "ca8cbd90-f275-4442-8354-b8b069e2efc3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_3proxy_strings.yar b/yara_rules/tool_3proxy_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_3proxy_strings.yar
rename to yara_rules/tool_3proxy_strings.yar
index d7b2d92..2f5d459 100644
--- a/yara_rules/sekoiaio_tool_3proxy_strings.yar
+++ b/yara_rules/tool_3proxy_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_3proxy_strings {
+rule tool_3proxy_strings {
 meta:
 id = "daf6cd97-8033-4bfd-88b5-41c06eb417b0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_advancedrun_strings.yar b/yara_rules/tool_advancedrun_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_advancedrun_strings.yar
rename to yara_rules/tool_advancedrun_strings.yar
index c778d69..076d46e 100644
--- a/yara_rules/sekoiaio_tool_advancedrun_strings.yar
+++ b/yara_rules/tool_advancedrun_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_advancedrun_strings {
+rule tool_advancedrun_strings {
 meta:
 id = "842a996e-0cf2-485f-9d3c-ccbd40c9ab6c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_bore_rust_any_platform.yar b/yara_rules/tool_bore_rust_any_platform.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_bore_rust_any_platform.yar
rename to yara_rules/tool_bore_rust_any_platform.yar
index 532f963..1c3fceb 100644
--- a/yara_rules/sekoiaio_tool_bore_rust_any_platform.yar
+++ b/yara_rules/tool_bore_rust_any_platform.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_bore_rust_any_platform {
+rule tool_bore_rust_any_platform {
 meta:
 id = "c0ec0d72-de8e-4b96-9db6-a7a4e2f693f1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_bypassgodzilla.yar b/yara_rules/tool_bypassgodzilla.yar
similarity index 97%
rename from yara_rules/sekoiaio_tool_bypassgodzilla.yar
rename to yara_rules/tool_bypassgodzilla.yar
index 2619a12..a4fb307 100644
--- a/yara_rules/sekoiaio_tool_bypassgodzilla.yar
+++ b/yara_rules/tool_bypassgodzilla.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_bypassgodzilla {
+rule tool_bypassgodzilla {
 meta:
 id = "fa492f97-a46c-422d-a617-c503744ee22e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_cheat_engine.yar b/yara_rules/tool_cheat_engine.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_cheat_engine.yar
rename to yara_rules/tool_cheat_engine.yar
index 9d5ca19..3a68b28 100644
--- a/yara_rules/sekoiaio_tool_cheat_engine.yar
+++ b/yara_rules/tool_cheat_engine.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_cheat_engine {
+rule tool_cheat_engine {
 meta:
 id = "51d4246c-f7a1-4589-8f97-bd85d1fe4a0e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_chisel_strings.yar b/yara_rules/tool_chisel_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_chisel_strings.yar
rename to yara_rules/tool_chisel_strings.yar
index 00e32d4..ab4beed 100644
--- a/yara_rules/sekoiaio_tool_chisel_strings.yar
+++ b/yara_rules/tool_chisel_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_chisel_strings {
+rule tool_chisel_strings {
 meta:
 id = "667a8aa3-772b-45f1-8c89-acb7b976888d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_dogtunnel_strings.yar b/yara_rules/tool_dogtunnel_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_dogtunnel_strings.yar
rename to yara_rules/tool_dogtunnel_strings.yar
index dcde3c8..ff973aa 100644
--- a/yara_rules/sekoiaio_tool_dogtunnel_strings.yar
+++ b/yara_rules/tool_dogtunnel_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_dogtunnel_strings {
+rule tool_dogtunnel_strings {
 meta:
 id = "00705613-6367-454f-b3f2-1e2b0a52459c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_dynamicwrapper_strings.yar b/yara_rules/tool_dynamicwrapper_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_tool_dynamicwrapper_strings.yar
rename to yara_rules/tool_dynamicwrapper_strings.yar
index a0bbfe1..dd8677e 100644
--- a/yara_rules/sekoiaio_tool_dynamicwrapper_strings.yar
+++ b/yara_rules/tool_dynamicwrapper_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_dynamicwrapper_strings {
+rule tool_dynamicwrapper_strings {
 meta:
 id = "bbfad0a8-8b86-47c7-bf70-0a3f6859d64b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_edrsandblast_api_strings.yar b/yara_rules/tool_edrsandblast_api_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_edrsandblast_api_strings.yar
rename to yara_rules/tool_edrsandblast_api_strings.yar
index af2b106..46e340a 100644
--- a/yara_rules/sekoiaio_tool_edrsandblast_api_strings.yar
+++ b/yara_rules/tool_edrsandblast_api_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_edrsandblast_api_strings {
+rule tool_edrsandblast_api_strings {
 meta:
 id = "8a5dc171-dce8-4b5a-96e9-53dd1855e8c1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_edrsandblast_cli_strings.yar b/yara_rules/tool_edrsandblast_cli_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_edrsandblast_cli_strings.yar
rename to yara_rules/tool_edrsandblast_cli_strings.yar
index e15f4cf..9690b6f 100644
--- a/yara_rules/sekoiaio_tool_edrsandblast_cli_strings.yar
+++ b/yara_rules/tool_edrsandblast_cli_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_edrsandblast_cli_strings {
+rule tool_edrsandblast_cli_strings {
 meta:
 id = "baf3c68a-1d28-464e-8240-28cc66c8c151"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_edrsandblast_kernelcallbacks.yar b/yara_rules/tool_edrsandblast_kernelcallbacks.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_edrsandblast_kernelcallbacks.yar
rename to yara_rules/tool_edrsandblast_kernelcallbacks.yar
index bb97d3e..1fef06c 100644
--- a/yara_rules/sekoiaio_tool_edrsandblast_kernelcallbacks.yar
+++ b/yara_rules/tool_edrsandblast_kernelcallbacks.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_edrsandblast_kernelcallbacks {
+rule tool_edrsandblast_kernelcallbacks {
 meta:
 id = "74cf4444-5bd6-4167-930a-5dbf2e529f92"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_edrsandblast_strings.yar b/yara_rules/tool_edrsandblast_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_edrsandblast_strings.yar
rename to yara_rules/tool_edrsandblast_strings.yar
index ecdc905..923ad91 100644
--- a/yara_rules/sekoiaio_tool_edrsandblast_strings.yar
+++ b/yara_rules/tool_edrsandblast_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_edrsandblast_strings {
+rule tool_edrsandblast_strings {
 meta:
 id = "7059b89c-80b5-4768-b3eb-02f173f628b0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_efspotato.yar b/yara_rules/tool_efspotato.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_efspotato.yar
rename to yara_rules/tool_efspotato.yar
index a5c0bdf..11ade38 100644
--- a/yara_rules/sekoiaio_tool_efspotato.yar
+++ b/yara_rules/tool_efspotato.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_efspotato {
+rule tool_efspotato {
 meta:
 id = "4440ea37-d7d0-4107-867c-576c6e2f4f7e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_ehole.yar b/yara_rules/tool_ehole.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_ehole.yar
rename to yara_rules/tool_ehole.yar
index 35ac228..bac9384 100644
--- a/yara_rules/sekoiaio_tool_ehole.yar
+++ b/yara_rules/tool_ehole.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_ehole {
+rule tool_ehole {
 meta:
 id = "7d30ffd0-fada-4ef4-98c3-5572a4e1e140"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_enum4linux_strings.yar b/yara_rules/tool_enum4linux_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_enum4linux_strings.yar
rename to yara_rules/tool_enum4linux_strings.yar
index 672b362..0b9b20f 100644
--- a/yara_rules/sekoiaio_tool_enum4linux_strings.yar
+++ b/yara_rules/tool_enum4linux_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_enum4linux_strings {
+rule tool_enum4linux_strings {
 meta:
 id = "6b3094fe-1292-4da3-a1ed-9e255be531da"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_execit_obfuscator_strings.yar b/yara_rules/tool_execit_obfuscator_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_execit_obfuscator_strings.yar
rename to yara_rules/tool_execit_obfuscator_strings.yar
index d14f226..7b61762 100644
--- a/yara_rules/sekoiaio_tool_execit_obfuscator_strings.yar
+++ b/yara_rules/tool_execit_obfuscator_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_execit_obfuscator_strings {
+rule tool_execit_obfuscator_strings {
 meta:
 id = "59eaeb20-150b-41a4-b866-1c91a07623ac"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_exploit_badpotato_strings.yar b/yara_rules/tool_exploit_badpotato_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_exploit_badpotato_strings.yar
rename to yara_rules/tool_exploit_badpotato_strings.yar
index e44680b..e09b94e 100644
--- a/yara_rules/sekoiaio_tool_exploit_badpotato_strings.yar
+++ b/yara_rules/tool_exploit_badpotato_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_exploit_badpotato_strings {
+rule tool_exploit_badpotato_strings {
 meta:
 id = "079aabbc-6978-4d71-92d2-d2a7ce1cc915"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_exploit_comahawk_strings.yar b/yara_rules/tool_exploit_comahawk_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_exploit_comahawk_strings.yar
rename to yara_rules/tool_exploit_comahawk_strings.yar
index b59f2c9..1f105d7 100644
--- a/yara_rules/sekoiaio_tool_exploit_comahawk_strings.yar
+++ b/yara_rules/tool_exploit_comahawk_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_exploit_comahawk_strings {
+rule tool_exploit_comahawk_strings {
 meta:
 id = "cc0d10ae-1a14-48c1-9c45-d65fac15f8f1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_exploit_rottenpotato_strings.yar b/yara_rules/tool_exploit_rottenpotato_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_exploit_rottenpotato_strings.yar
rename to yara_rules/tool_exploit_rottenpotato_strings.yar
index 64d61cf..6b7d0ba 100644
--- a/yara_rules/sekoiaio_tool_exploit_rottenpotato_strings.yar
+++ b/yara_rules/tool_exploit_rottenpotato_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_exploit_rottenpotato_strings {
+rule tool_exploit_rottenpotato_strings {
 meta:
 id = "453646d4-b128-40ea-8840-4c53b8f1e486"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_generic_python_reverse_shell_strings.yar b/yara_rules/tool_generic_python_reverse_shell_strings.yar
similarity index 88%
rename from yara_rules/sekoiaio_tool_generic_python_reverse_shell_strings.yar
rename to yara_rules/tool_generic_python_reverse_shell_strings.yar
index 06c1397..020e973 100644
--- a/yara_rules/sekoiaio_tool_generic_python_reverse_shell_strings.yar
+++ b/yara_rules/tool_generic_python_reverse_shell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_generic_python_reverse_shell_strings {
+rule tool_generic_python_reverse_shell_strings {
 meta:
 id = "5b926d15-4f21-428c-a9fa-ee085a98d42b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_godpotato.yar b/yara_rules/tool_godpotato.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_godpotato.yar
rename to yara_rules/tool_godpotato.yar
index c1cd69d..f1a3027 100644
--- a/yara_rules/sekoiaio_tool_godpotato.yar
+++ b/yara_rules/tool_godpotato.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_godpotato {
+rule tool_godpotato {
 meta:
 id = "cc396771-f187-43ae-903f-147d15483c46"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_gost_tunnel_strings.yar b/yara_rules/tool_gost_tunnel_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_gost_tunnel_strings.yar
rename to yara_rules/tool_gost_tunnel_strings.yar
index 622aec1..7b54d7e 100644
--- a/yara_rules/sekoiaio_tool_gost_tunnel_strings.yar
+++ b/yara_rules/tool_gost_tunnel_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_gost_tunnel_strings {
+rule tool_gost_tunnel_strings {
 meta:
 id = "2de7aae9-9cf8-4007-aa27-5caea4123713"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_gsocket_strings.yar b/yara_rules/tool_gsocket_strings.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_gsocket_strings.yar
rename to yara_rules/tool_gsocket_strings.yar
index 575fd9c..c8f5456 100644
--- a/yara_rules/sekoiaio_tool_gsocket_strings.yar
+++ b/yara_rules/tool_gsocket_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_gsocket_strings {
+rule tool_gsocket_strings {
 meta:
 id = "55fb2f2b-1074-4b6d-9113-48eaeb0e1e27"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_htran_strings.yar b/yara_rules/tool_htran_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_htran_strings.yar
rename to yara_rules/tool_htran_strings.yar
index af6b2b7..77c2cbb 100644
--- a/yara_rules/sekoiaio_tool_htran_strings.yar
+++ b/yara_rules/tool_htran_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_htran_strings {
+rule tool_htran_strings {
 meta:
 id = "0184937e-eefa-4c6d-ae00-9b0af80dc7db"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_impersonate_strings.yar b/yara_rules/tool_impersonate_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_impersonate_strings.yar
rename to yara_rules/tool_impersonate_strings.yar
index d0df131..cee12de 100644
--- a/yara_rules/sekoiaio_tool_impersonate_strings.yar
+++ b/yara_rules/tool_impersonate_strings.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_tool_impersonate_strings {
+rule tool_impersonate_strings {
 meta:
 id = "2ab345a2-9366-4673-b398-a59ba6954af5"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_inswor_strings.yar b/yara_rules/tool_inswor_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_inswor_strings.yar
rename to yara_rules/tool_inswor_strings.yar
index a69cb9c..a95602b 100644
--- a/yara_rules/sekoiaio_tool_inswor_strings.yar
+++ b/yara_rules/tool_inswor_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_inswor_strings {
+rule tool_inswor_strings {
 meta:
 id = "99aaad33-510a-41b9-9022-800588c18d6d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_iodine_strings.yar b/yara_rules/tool_iodine_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_iodine_strings.yar
rename to yara_rules/tool_iodine_strings.yar
index 7eea909..fb6c54f 100644
--- a/yara_rules/sekoiaio_tool_iodine_strings.yar
+++ b/yara_rules/tool_iodine_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_iodine_strings {
+rule tool_iodine_strings {
 meta:
 id = "029766cc-80fb-423d-adc5-8867c438c5d3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_juicypotato_exploit_strings.yar b/yara_rules/tool_juicypotato_exploit_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_juicypotato_exploit_strings.yar
rename to yara_rules/tool_juicypotato_exploit_strings.yar
index e15b7c4..2de9492 100644
--- a/yara_rules/sekoiaio_tool_juicypotato_exploit_strings.yar
+++ b/yara_rules/tool_juicypotato_exploit_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_juicypotato_exploit_strings {
+rule tool_juicypotato_exploit_strings {
 meta:
 id = "03d697ae-69a7-490b-8b3c-9a8c21fb46a2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_juicypotatong_strings.yar b/yara_rules/tool_juicypotatong_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_juicypotatong_strings.yar
rename to yara_rules/tool_juicypotatong_strings.yar
index 0325a6b..856d875 100644
--- a/yara_rules/sekoiaio_tool_juicypotatong_strings.yar
+++ b/yara_rules/tool_juicypotatong_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_juicypotatong_strings {
+rule tool_juicypotatong_strings {
 meta:
 id = "4634251b-ea41-4f58-aabd-db83ccf4edaa"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_koblas_server_strings.yar b/yara_rules/tool_koblas_server_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_koblas_server_strings.yar
rename to yara_rules/tool_koblas_server_strings.yar
index 8cf6a93..bb6d47a 100644
--- a/yara_rules/sekoiaio_tool_koblas_server_strings.yar
+++ b/yara_rules/tool_koblas_server_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_koblas_server_strings {
+rule tool_koblas_server_strings {
 meta:
 id = "ebd891da-69dd-474c-9e08-63d0b4cc654e"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_ladon_strings.yar b/yara_rules/tool_ladon_strings.yar
similarity index 98%
rename from yara_rules/sekoiaio_tool_ladon_strings.yar
rename to yara_rules/tool_ladon_strings.yar
index 6192956..f5af7c7 100644
--- a/yara_rules/sekoiaio_tool_ladon_strings.yar
+++ b/yara_rules/tool_ladon_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_ladon_strings {
+rule tool_ladon_strings {
 meta:
 id = "7f06f755-a103-4e74-a9df-136355775233"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_lsass_dump_strings.yar b/yara_rules/tool_lsass_dump_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_lsass_dump_strings.yar
rename to yara_rules/tool_lsass_dump_strings.yar
index 0334e64..cb0edf6 100644
--- a/yara_rules/sekoiaio_tool_lsass_dump_strings.yar
+++ b/yara_rules/tool_lsass_dump_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_lsass_dump_strings {
+rule tool_lsass_dump_strings {
 meta:
 id = "bf024dc6-a1c8-4c3f-9bf8-8d246c129639"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_masky_strings.yar b/yara_rules/tool_masky_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_masky_strings.yar
rename to yara_rules/tool_masky_strings.yar
index c506748..4414952 100644
--- a/yara_rules/sekoiaio_tool_masky_strings.yar
+++ b/yara_rules/tool_masky_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_masky_strings {
+rule tool_masky_strings {
 meta:
 id = "542670ee-9f2e-4148-853d-a3f055bd584c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_multidump_strings.yar b/yara_rules/tool_multidump_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_multidump_strings.yar
rename to yara_rules/tool_multidump_strings.yar
index 097baff..cc8dd63 100644
--- a/yara_rules/sekoiaio_tool_multidump_strings.yar
+++ b/yara_rules/tool_multidump_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_multidump_strings {
+rule tool_multidump_strings {
 meta:
 id = "4897c898-01dd-40d2-bf28-266231c88f8a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_nping_strings.yar b/yara_rules/tool_nping_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_nping_strings.yar
rename to yara_rules/tool_nping_strings.yar
index 19120f6..889a197 100644
--- a/yara_rules/sekoiaio_tool_nping_strings.yar
+++ b/yara_rules/tool_nping_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_nping_strings {
+rule tool_nping_strings {
 meta:
 id = "fcfd9539-b224-45b4-9252-0b4d56a40be4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_nssm_strings.yar b/yara_rules/tool_nssm_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_nssm_strings.yar
rename to yara_rules/tool_nssm_strings.yar
index 7cd1e21..5e535b2 100644
--- a/yara_rules/sekoiaio_tool_nssm_strings.yar
+++ b/yara_rules/tool_nssm_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_nssm_strings {
+rule tool_nssm_strings {
 meta:
 id = "fab99d44-6494-4bfc-80c0-67c45bad0425"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_paexec_strings.yar b/yara_rules/tool_paexec_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_paexec_strings.yar
rename to yara_rules/tool_paexec_strings.yar
index da50a4c..a3234a4 100644
--- a/yara_rules/sekoiaio_tool_paexec_strings.yar
+++ b/yara_rules/tool_paexec_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_paexec_strings {
+rule tool_paexec_strings {
 meta:
 id = "c48b897c-0d88-4fa9-b64b-0e14a38a62d7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_pchunter_and_related_certificate.yar b/yara_rules/tool_pchunter_and_related_certificate.yar
similarity index 91%
rename from yara_rules/sekoiaio_tool_pchunter_and_related_certificate.yar
rename to yara_rules/tool_pchunter_and_related_certificate.yar
index 709635a..f88e06b 100644
--- a/yara_rules/sekoiaio_tool_pchunter_and_related_certificate.yar
+++ b/yara_rules/tool_pchunter_and_related_certificate.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_tool_pchunter_and_related_certificate {
+rule tool_pchunter_and_related_certificate {
 meta:
 id = "757c7738-4ee8-4b4e-bdda-0c5b0c010f40"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_petitpotato.yar b/yara_rules/tool_petitpotato.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_petitpotato.yar
rename to yara_rules/tool_petitpotato.yar
index 7b7e0ee..9018ea9 100644
--- a/yara_rules/sekoiaio_tool_petitpotato.yar
+++ b/yara_rules/tool_petitpotato.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_petitpotato {
+rule tool_petitpotato {
 meta:
 id = "72808202-a124-478e-bc60-59d35824b948"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_pivotnacci.yar b/yara_rules/tool_pivotnacci.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_pivotnacci.yar
rename to yara_rules/tool_pivotnacci.yar
index bbd8635..dd7b91e 100644
--- a/yara_rules/sekoiaio_tool_pivotnacci.yar
+++ b/yara_rules/tool_pivotnacci.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_pivotnacci {
+rule tool_pivotnacci {
 meta:
 id = "31ecb08a-fc92-4cbe-a865-7ce869a5fa6a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_pivotnacci_webshell.yar b/yara_rules/tool_pivotnacci_webshell.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_pivotnacci_webshell.yar
rename to yara_rules/tool_pivotnacci_webshell.yar
index 1f63ffa..afc9451 100644
--- a/yara_rules/sekoiaio_tool_pivotnacci_webshell.yar
+++ b/yara_rules/tool_pivotnacci_webshell.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_pivotnacci_webshell {
+rule tool_pivotnacci_webshell {
 meta:
 id = "729b6381-b59d-46fe-9ad4-b8b68fb0ceea"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_powershell_unicorn.yar b/yara_rules/tool_powershell_unicorn.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_powershell_unicorn.yar
rename to yara_rules/tool_powershell_unicorn.yar
index 9a605c7..685d792 100644
--- a/yara_rules/sekoiaio_tool_powershell_unicorn.yar
+++ b/yara_rules/tool_powershell_unicorn.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_powershell_unicorn {
+rule tool_powershell_unicorn {
 meta:
 id = "287c1669-2ee1-488e-bf66-a99bfe309c90"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_printnotifypotato.yar b/yara_rules/tool_printnotifypotato.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_printnotifypotato.yar
rename to yara_rules/tool_printnotifypotato.yar
index 2e5db90..23544fe 100644
--- a/yara_rules/sekoiaio_tool_printnotifypotato.yar
+++ b/yara_rules/tool_printnotifypotato.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_printnotifypotato {
+rule tool_printnotifypotato {
 meta:
 id = "8dde175f-025a-4c27-bcc6-d0016dd7238c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_quarkspwdump.yar b/yara_rules/tool_quarkspwdump.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_quarkspwdump.yar
rename to yara_rules/tool_quarkspwdump.yar
index 2b04d4d..3b92174 100644
--- a/yara_rules/sekoiaio_tool_quarkspwdump.yar
+++ b/yara_rules/tool_quarkspwdump.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_quarkspwdump {
+rule tool_quarkspwdump {
 meta:
 id = "859823f9-6d47-4b0f-844b-d3af7bad498b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_rathole_strings.yar b/yara_rules/tool_rathole_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_rathole_strings.yar
rename to yara_rules/tool_rathole_strings.yar
index b8e77d3..8934605 100644
--- a/yara_rules/sekoiaio_tool_rathole_strings.yar
+++ b/yara_rules/tool_rathole_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_rathole_strings {
+rule tool_rathole_strings {
 meta:
 id = "39d11285-a3bf-46c3-901d-ab46601a9066"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_realblindingedr_strings.yar b/yara_rules/tool_realblindingedr_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_realblindingedr_strings.yar
rename to yara_rules/tool_realblindingedr_strings.yar
index 9bc6214..1811767 100644
--- a/yara_rules/sekoiaio_tool_realblindingedr_strings.yar
+++ b/yara_rules/tool_realblindingedr_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_realblindingedr_strings {
+rule tool_realblindingedr_strings {
 meta:
 id = "505dcbee-ae37-47c1-a322-2c52d10e68d7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_reversessh_strings.yar b/yara_rules/tool_reversessh_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_reversessh_strings.yar
rename to yara_rules/tool_reversessh_strings.yar
index 08cb04b..67aade9 100644
--- a/yara_rules/sekoiaio_tool_reversessh_strings.yar
+++ b/yara_rules/tool_reversessh_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_reversessh_strings {
+rule tool_reversessh_strings {
 meta:
 id = "b20c2c8e-3910-4545-a87a-3d428283a447"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_revsocks_strings.yar b/yara_rules/tool_revsocks_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_revsocks_strings.yar
rename to yara_rules/tool_revsocks_strings.yar
index ff09e43..7bc2861 100644
--- a/yara_rules/sekoiaio_tool_revsocks_strings.yar
+++ b/yara_rules/tool_revsocks_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_revsocks_strings {
+rule tool_revsocks_strings {
 meta:
 id = "f5f34e74-0795-4c81-a385-218a8197a0b7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_rsockstun_strings.yar b/yara_rules/tool_rsockstun_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_rsockstun_strings.yar
rename to yara_rules/tool_rsockstun_strings.yar
index 7fa8a0c..9524e35 100644
--- a/yara_rules/sekoiaio_tool_rsockstun_strings.yar
+++ b/yara_rules/tool_rsockstun_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_rsockstun_strings {
+rule tool_rsockstun_strings {
 meta:
 id = "94d8cb39-3421-441c-8404-62a591b86912"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_rubeus_strings.yar b/yara_rules/tool_rubeus_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_rubeus_strings.yar
rename to yara_rules/tool_rubeus_strings.yar
index 32606a0..067c5d7 100644
--- a/yara_rules/sekoiaio_tool_rubeus_strings.yar
+++ b/yara_rules/tool_rubeus_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_rubeus_strings {
+rule tool_rubeus_strings {
 meta:
 id = "df1860d0-ec34-4c2d-bd83-5f16b26d075c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_runpeinmemory_strings.yar b/yara_rules/tool_runpeinmemory_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_runpeinmemory_strings.yar
rename to yara_rules/tool_runpeinmemory_strings.yar
index ed21de1..62f1008 100644
--- a/yara_rules/sekoiaio_tool_runpeinmemory_strings.yar
+++ b/yara_rules/tool_runpeinmemory_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_runpeinmemory_strings {
+rule tool_runpeinmemory_strings {
 meta:
 id = "64129ab0-b599-4760-ab21-20c475c2c07f"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_safetykatz.yar b/yara_rules/tool_safetykatz.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_safetykatz.yar
rename to yara_rules/tool_safetykatz.yar
index 27d4a5f..2de3a3c 100644
--- a/yara_rules/sekoiaio_tool_safetykatz.yar
+++ b/yara_rules/tool_safetykatz.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_safetykatz {
+rule tool_safetykatz {
 meta:
 id = "90f93244-38a7-4574-87c6-15d494e9173b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_scanline_strings.yar b/yara_rules/tool_scanline_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_scanline_strings.yar
rename to yara_rules/tool_scanline_strings.yar
index 0a6bb68..46de766 100644
--- a/yara_rules/sekoiaio_tool_scanline_strings.yar
+++ b/yara_rules/tool_scanline_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_scanline_strings {
+rule tool_scanline_strings {
 meta:
 id = "65677b81-d077-4d01-8398-cbb06ce49edf"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sharpefspotato_strings.yar b/yara_rules/tool_sharpefspotato_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_sharpefspotato_strings.yar
rename to yara_rules/tool_sharpefspotato_strings.yar
index ede2812..04880f8 100644
--- a/yara_rules/sekoiaio_tool_sharpefspotato_strings.yar
+++ b/yara_rules/tool_sharpefspotato_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sharpefspotato_strings {
+rule tool_sharpefspotato_strings {
 meta:
 id = "4286c72b-c0b9-4d2c-9847-68fc39ed4894"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sharphoundexecutable_strings.yar b/yara_rules/tool_sharphoundexecutable_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_sharphoundexecutable_strings.yar
rename to yara_rules/tool_sharphoundexecutable_strings.yar
index 6e6f9f6..08e8077 100644
--- a/yara_rules/sekoiaio_tool_sharphoundexecutable_strings.yar
+++ b/yara_rules/tool_sharphoundexecutable_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sharphoundexecutable_strings {
+rule tool_sharphoundexecutable_strings {
 meta:
 id = "2cf8046e-5b4d-4ff7-b4b2-7aaeaf58883b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sharphoundpowershell_strings.yar b/yara_rules/tool_sharphoundpowershell_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_tool_sharphoundpowershell_strings.yar
rename to yara_rules/tool_sharphoundpowershell_strings.yar
index b828192..f3e7c76 100644
--- a/yara_rules/sekoiaio_tool_sharphoundpowershell_strings.yar
+++ b/yara_rules/tool_sharphoundpowershell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sharphoundpowershell_strings {
+rule tool_sharphoundpowershell_strings {
 meta:
 id = "f27a0bdc-1a8c-43f9-843c-6c8506726f37"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sharpnbtscan_strings.yar b/yara_rules/tool_sharpnbtscan_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_sharpnbtscan_strings.yar
rename to yara_rules/tool_sharpnbtscan_strings.yar
index fa28588..54622b2 100644
--- a/yara_rules/sekoiaio_tool_sharpnbtscan_strings.yar
+++ b/yara_rules/tool_sharpnbtscan_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sharpnbtscan_strings {
+rule tool_sharpnbtscan_strings {
 meta:
 id = "e9d28dcb-b4b1-4d66-b225-ed0925f307d9"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sharpsecdump.yar b/yara_rules/tool_sharpsecdump.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_sharpsecdump.yar
rename to yara_rules/tool_sharpsecdump.yar
index 6a71776..0737cbc 100644
--- a/yara_rules/sekoiaio_tool_sharpsecdump.yar
+++ b/yara_rules/tool_sharpsecdump.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sharpsecdump {
+rule tool_sharpsecdump {
 meta:
 id = "359bf48b-81c8-4d12-ac02-777d4865411a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_soaphound_strings.yar b/yara_rules/tool_soaphound_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_soaphound_strings.yar
rename to yara_rules/tool_soaphound_strings.yar
index 3e76324..f4fa844 100644
--- a/yara_rules/sekoiaio_tool_soaphound_strings.yar
+++ b/yara_rules/tool_soaphound_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_soaphound_strings {
+rule tool_soaphound_strings {
 meta:
 id = "adf48506-f07d-445a-83cc-0aed3b6b55eb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_ssf_strings.yar b/yara_rules/tool_ssf_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_ssf_strings.yar
rename to yara_rules/tool_ssf_strings.yar
index 718c779..8635305 100644
--- a/yara_rules/sekoiaio_tool_ssf_strings.yar
+++ b/yara_rules/tool_ssf_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_ssf_strings {
+rule tool_ssf_strings {
 meta:
 id = "47fc3df8-a153-4045-a5f0-ed30df662984"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_swor.yar b/yara_rules/tool_swor.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_swor.yar
rename to yara_rules/tool_swor.yar
index 318dcef..2373612 100644
--- a/yara_rules/sekoiaio_tool_swor.yar
+++ b/yara_rules/tool_swor.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_swor {
+rule tool_swor {
 meta:
 id = "75ce2ed7-2972-4e04-98dc-451acf80c842"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_sy_runas.yar b/yara_rules/tool_sy_runas.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_sy_runas.yar
rename to yara_rules/tool_sy_runas.yar
index 1dc4570..1fad8c5 100644
--- a/yara_rules/sekoiaio_tool_sy_runas.yar
+++ b/yara_rules/tool_sy_runas.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_sy_runas {
+rule tool_sy_runas {
 meta:
 id = "cb1f3707-6716-49b5-9fe0-45c5baf2e491"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_tacticalrmm_installer_strings.yar b/yara_rules/tool_tacticalrmm_installer_strings.yar
similarity index 91%
rename from yara_rules/sekoiaio_tool_tacticalrmm_installer_strings.yar
rename to yara_rules/tool_tacticalrmm_installer_strings.yar
index c3b9a40..a62f90b 100644
--- a/yara_rules/sekoiaio_tool_tacticalrmm_installer_strings.yar
+++ b/yara_rules/tool_tacticalrmm_installer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_tacticalrmm_installer_strings {
+rule tool_tacticalrmm_installer_strings {
 meta:
 id = "c4a0ba33-b458-4c2a-abfa-4c33481d6491"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_tokenplayer_strings.yar b/yara_rules/tool_tokenplayer_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_tokenplayer_strings.yar
rename to yara_rules/tool_tokenplayer_strings.yar
index a8e874f..a6ab983 100644
--- a/yara_rules/sekoiaio_tool_tokenplayer_strings.yar
+++ b/yara_rules/tool_tokenplayer_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_tokenplayer_strings {
+rule tool_tokenplayer_strings {
 meta:
 id = "74ed8812-f113-47a9-9ff2-6cbe2746ee11"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_webshell_b374k_strings.yar b/yara_rules/tool_webshell_b374k_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_tool_webshell_b374k_strings.yar
rename to yara_rules/tool_webshell_b374k_strings.yar
index b557c95..3a28a00 100644
--- a/yara_rules/sekoiaio_tool_webshell_b374k_strings.yar
+++ b/yara_rules/tool_webshell_b374k_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_webshell_b374k_strings {
+rule tool_webshell_b374k_strings {
 meta:
 id = "f53fc668-e1fc-4b85-b850-59aceefb6418"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_blackfly_proxy_config.yar b/yara_rules/tool_win_blackfly_proxy_config.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_win_blackfly_proxy_config.yar
rename to yara_rules/tool_win_blackfly_proxy_config.yar
index 390e3f6..a98a2df 100644
--- a/yara_rules/sekoiaio_tool_win_blackfly_proxy_config.yar
+++ b/yara_rules/tool_win_blackfly_proxy_config.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_tool_win_blackfly_proxy_config {
+rule tool_win_blackfly_proxy_config {
 meta:
 id = "c8a8be5d-bd28-4306-9466-ad582e53fede"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_driverjack.yar b/yara_rules/tool_win_driverjack.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_win_driverjack.yar
rename to yara_rules/tool_win_driverjack.yar
index f348fdc..e3c52d7 100644
--- a/yara_rules/sekoiaio_tool_win_driverjack.yar
+++ b/yara_rules/tool_win_driverjack.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_driverjack {
+rule tool_win_driverjack {
 meta:
 id = "08bc0fe8-38f1-4c73-99c8-2659b4a55815"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_forkplayground.yar b/yara_rules/tool_win_forkplayground.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_win_forkplayground.yar
rename to yara_rules/tool_win_forkplayground.yar
index fa7ce98..959c3df 100644
--- a/yara_rules/sekoiaio_tool_win_forkplayground.yar
+++ b/yara_rules/tool_win_forkplayground.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_forkplayground {
+rule tool_win_forkplayground {
 meta:
 id = "ec9af403-7647-447d-af17-c6931363a166"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_gosecretsdump.yar b/yara_rules/tool_win_gosecretsdump.yar
similarity index 95%
rename from yara_rules/sekoiaio_tool_win_gosecretsdump.yar
rename to yara_rules/tool_win_gosecretsdump.yar
index e93c1cd..9a734b5 100644
--- a/yara_rules/sekoiaio_tool_win_gosecretsdump.yar
+++ b/yara_rules/tool_win_gosecretsdump.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_gosecretsdump {
+rule tool_win_gosecretsdump {
 meta:
 id = "9225fe95-e37c-48ff-b5b5-680f255349bd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_lightrail.yar b/yara_rules/tool_win_lightrail.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_win_lightrail.yar
rename to yara_rules/tool_win_lightrail.yar
index 5f79f57..3596819 100644
--- a/yara_rules/sekoiaio_tool_win_lightrail.yar
+++ b/yara_rules/tool_win_lightrail.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_lightrail {
+rule tool_win_lightrail {
 meta:
 id = "39259f2c-11fe-4edd-8a9e-f36920132272"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_sharpshares.yar b/yara_rules/tool_win_sharpshares.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_win_sharpshares.yar
rename to yara_rules/tool_win_sharpshares.yar
index b338514..e8fad58 100644
--- a/yara_rules/sekoiaio_tool_win_sharpshares.yar
+++ b/yara_rules/tool_win_sharpshares.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_sharpshares {
+rule tool_win_sharpshares {
 meta:
 id = "ef90d573-12f8-4216-9a9e-96e7d1e841d0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_win_snap2html.yar b/yara_rules/tool_win_snap2html.yar
similarity index 96%
rename from yara_rules/sekoiaio_tool_win_snap2html.yar
rename to yara_rules/tool_win_snap2html.yar
index ef8cc2c..b437511 100644
--- a/yara_rules/sekoiaio_tool_win_snap2html.yar
+++ b/yara_rules/tool_win_snap2html.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_win_snap2html {
+rule tool_win_snap2html {
 meta:
 id = "9865daac-f23b-417e-813e-cbed03f45161"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_xiebroc2_strings.yar b/yara_rules/tool_xiebroc2_strings.yar
similarity index 97%
rename from yara_rules/sekoiaio_tool_xiebroc2_strings.yar
rename to yara_rules/tool_xiebroc2_strings.yar
index d9f204d..087ae7d 100644
--- a/yara_rules/sekoiaio_tool_xiebroc2_strings.yar
+++ b/yara_rules/tool_xiebroc2_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_xiebroc2_strings {
+rule tool_xiebroc2_strings {
 meta:
 id = "8451878e-5371-440b-b8ac-f9e6f7643d3c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_tool_yasso_strings.yar b/yara_rules/tool_yasso_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_tool_yasso_strings.yar
rename to yara_rules/tool_yasso_strings.yar
index 1b2dfb7..e141a12 100644
--- a/yara_rules/sekoiaio_tool_yasso_strings.yar
+++ b/yara_rules/tool_yasso_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_tool_yasso_strings {
+rule tool_yasso_strings {
 meta:
 id = "31ec7510-6770-4fde-b835-e8b12f8f2b30"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_trojan_and_keepspy.yar b/yara_rules/trojan_and_keepspy.yar
similarity index 95%
rename from yara_rules/sekoiaio_trojan_and_keepspy.yar
rename to yara_rules/trojan_and_keepspy.yar
index 5624e8f..ba61794 100644
--- a/yara_rules/sekoiaio_trojan_and_keepspy.yar
+++ b/yara_rules/trojan_and_keepspy.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_and_keepspy {
+rule trojan_and_keepspy {
 meta:
 id = "9390e7c8-a996-45cc-b642-c23d4b7dcf34"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_trojan_android_brata.yar b/yara_rules/trojan_android_brata.yar
similarity index 96%
rename from yara_rules/sekoiaio_trojan_android_brata.yar
rename to yara_rules/trojan_android_brata.yar
index f577605..8427315 100644
--- a/yara_rules/sekoiaio_trojan_android_brata.yar
+++ b/yara_rules/trojan_android_brata.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_android_brata {
+rule trojan_android_brata {
 meta:
 id = "fde9b82e-c677-44ed-b512-b225a3aba201"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_trojan_android_cerberus.yar b/yara_rules/trojan_android_cerberus.yar
similarity index 95%
rename from yara_rules/sekoiaio_trojan_android_cerberus.yar
rename to yara_rules/trojan_android_cerberus.yar
index 6a4b7dc..33f6f17 100644
--- a/yara_rules/sekoiaio_trojan_android_cerberus.yar
+++ b/yara_rules/trojan_android_cerberus.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_android_cerberus {
+rule trojan_android_cerberus {
 meta:
 id = "3ea398bd-a80c-40f4-ad52-73b528add4ad"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_trojan_android_xenomorph.yar b/yara_rules/trojan_android_xenomorph.yar
similarity index 93%
rename from yara_rules/sekoiaio_trojan_android_xenomorph.yar
rename to yara_rules/trojan_android_xenomorph.yar
index 3a1be6b..a813ad7 100644
--- a/yara_rules/sekoiaio_trojan_android_xenomorph.yar
+++ b/yara_rules/trojan_android_xenomorph.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_android_xenomorph {
+rule trojan_android_xenomorph {
 meta:
 id = "ec65ca1b-e71f-4772-8be0-2a2b6a690987"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_trojan_win_bbtok_dll1_sep23.yar b/yara_rules/trojan_win_bbtok_dll1_sep23.yar
similarity index 96%
rename from yara_rules/sekoiaio_trojan_win_bbtok_dll1_sep23.yar
rename to yara_rules/trojan_win_bbtok_dll1_sep23.yar
index 66d6a1c..2b7d250 100644
--- a/yara_rules/sekoiaio_trojan_win_bbtok_dll1_sep23.yar
+++ b/yara_rules/trojan_win_bbtok_dll1_sep23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_win_bbtok_dll1_sep23 {
+rule trojan_win_bbtok_dll1_sep23 {
 meta:
 id = "eebed24b-24ec-4a85-852c-52d0acc9a698"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_trojan_win_bbtok_iso_sep23.yar b/yara_rules/trojan_win_bbtok_iso_sep23.yar
similarity index 95%
rename from yara_rules/sekoiaio_trojan_win_bbtok_iso_sep23.yar
rename to yara_rules/trojan_win_bbtok_iso_sep23.yar
index bd5bae9..4567ced 100644
--- a/yara_rules/sekoiaio_trojan_win_bbtok_iso_sep23.yar
+++ b/yara_rules/trojan_win_bbtok_iso_sep23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_win_bbtok_iso_sep23 {
+rule trojan_win_bbtok_iso_sep23 {
 meta:
 id = "6032853d-b872-4b2e-913d-366e7f3d0f32"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_trojan_win_bbtok_lnk_sep23.yar b/yara_rules/trojan_win_bbtok_lnk_sep23.yar
similarity index 95%
rename from yara_rules/sekoiaio_trojan_win_bbtok_lnk_sep23.yar
rename to yara_rules/trojan_win_bbtok_lnk_sep23.yar
index eb2530b..5d84b8e 100644
--- a/yara_rules/sekoiaio_trojan_win_bbtok_lnk_sep23.yar
+++ b/yara_rules/trojan_win_bbtok_lnk_sep23.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_win_bbtok_lnk_sep23 {
+rule trojan_win_bbtok_lnk_sep23 {
 meta:
 id = "b1d5dae6-d92f-4a4a-ae90-528cdb3e9e4c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_trojan_win_grandoreiro.yar b/yara_rules/trojan_win_grandoreiro.yar
similarity index 96%
rename from yara_rules/sekoiaio_trojan_win_grandoreiro.yar
rename to yara_rules/trojan_win_grandoreiro.yar
index 5343948..e0c80a3 100644
--- a/yara_rules/sekoiaio_trojan_win_grandoreiro.yar
+++ b/yara_rules/trojan_win_grandoreiro.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_trojan_win_grandoreiro {
+rule trojan_win_grandoreiro {
 meta:
 version = "1.0"
 description = "Finds Grandorerio samples based on the specific strings"
diff --git a/yara_rules/sekoiaio_truesightkiller_avkiller_strings.yar b/yara_rules/truesightkiller_avkiller_strings.yar
similarity index 97%
rename from yara_rules/sekoiaio_truesightkiller_avkiller_strings.yar
rename to yara_rules/truesightkiller_avkiller_strings.yar
index bc32f07..19046dc 100644
--- a/yara_rules/sekoiaio_truesightkiller_avkiller_strings.yar
+++ b/yara_rules/truesightkiller_avkiller_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_truesightkiller_avkiller_strings {
+rule truesightkiller_avkiller_strings {
 meta:
 id = "8f249ac4-5181-4169-9eb2-7d73ec4fd68d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_typhon_reborn_stealer.yar b/yara_rules/typhon_reborn_stealer.yar
similarity index 92%
rename from yara_rules/sekoiaio_typhon_reborn_stealer.yar
rename to yara_rules/typhon_reborn_stealer.yar
index 53a29d9..c4e1473 100644
--- a/yara_rules/sekoiaio_typhon_reborn_stealer.yar
+++ b/yara_rules/typhon_reborn_stealer.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_typhon_reborn_stealer {
+rule typhon_reborn_stealer {
 meta:
 id = "aab7279b-b651-4092-b988-d186d0a433de"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_unk_quad7_fsynet_strings.yar b/yara_rules/unk_quad7_fsynet_strings.yar
similarity index 95%
rename from yara_rules/sekoiaio_unk_quad7_fsynet_strings.yar
rename to yara_rules/unk_quad7_fsynet_strings.yar
index 8cd7402..78cad95 100644
--- a/yara_rules/sekoiaio_unk_quad7_fsynet_strings.yar
+++ b/yara_rules/unk_quad7_fsynet_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_unk_quad7_fsynet_strings {
+rule unk_quad7_fsynet_strings {
 meta:
 id = "897b2421-c177-48c0-8f5b-82d8434208cb"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_unk_quad7_netd_strings.yar b/yara_rules/unk_quad7_netd_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_unk_quad7_netd_strings.yar
rename to yara_rules/unk_quad7_netd_strings.yar
index 1021de9..2060d8d 100644
--- a/yara_rules/sekoiaio_unk_quad7_netd_strings.yar
+++ b/yara_rules/unk_quad7_netd_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_unk_quad7_netd_strings {
+rule unk_quad7_netd_strings {
 meta:
 id = "3f527f0e-c101-4356-9024-fc61aea644d1"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_unk_quad7_updtae_reverse_shell_strings.yar b/yara_rules/unk_quad7_updtae_reverse_shell_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_unk_quad7_updtae_reverse_shell_strings.yar
rename to yara_rules/unk_quad7_updtae_reverse_shell_strings.yar
index 4a0dca8..12f99a7 100644
--- a/yara_rules/sekoiaio_unk_quad7_updtae_reverse_shell_strings.yar
+++ b/yara_rules/unk_quad7_updtae_reverse_shell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_unk_quad7_updtae_reverse_shell_strings {
+rule unk_quad7_updtae_reverse_shell_strings {
 meta:
 id = "02d5394e-734c-4744-b293-1bf96bf1518c"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_unknown_7777_xlogin.yar b/yara_rules/unknown_7777_xlogin.yar
similarity index 95%
rename from yara_rules/sekoiaio_unknown_7777_xlogin.yar
rename to yara_rules/unknown_7777_xlogin.yar
index dbc1bc9..2dafc32 100644
--- a/yara_rules/sekoiaio_unknown_7777_xlogin.yar
+++ b/yara_rules/unknown_7777_xlogin.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_unknown_7777_xlogin {
+rule unknown_7777_xlogin {
 meta:
 id = "ce0beffc-f957-43ef-a739-f4a1099a7a67"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_unknown_quad7_wildcard_login.yar b/yara_rules/unknown_quad7_wildcard_login.yar
similarity index 94%
rename from yara_rules/sekoiaio_unknown_quad7_wildcard_login.yar
rename to yara_rules/unknown_quad7_wildcard_login.yar
index 5e798d2..413706a 100644
--- a/yara_rules/sekoiaio_unknown_quad7_wildcard_login.yar
+++ b/yara_rules/unknown_quad7_wildcard_login.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_unknown_quad7_wildcard_login {
+rule unknown_quad7_wildcard_login {
 meta:
 id = "01510244-0795-4299-aa66-056a2b4682e7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_ursnif.yar b/yara_rules/ursnif.yar
similarity index 98%
rename from yara_rules/sekoiaio_ursnif.yar
rename to yara_rules/ursnif.yar
index b95cd8b..e53cfcb 100644
--- a/yara_rules/sekoiaio_ursnif.yar
+++ b/yara_rules/ursnif.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ursnif {
+rule ursnif {
 meta:
 description = "Ursnif Payload"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_ursnif_ldr4.yar b/yara_rules/ursnif_ldr4.yar
similarity index 97%
rename from yara_rules/sekoiaio_ursnif_ldr4.yar
rename to yara_rules/ursnif_ldr4.yar
index 1a572e6..dc0e134 100644
--- a/yara_rules/sekoiaio_ursnif_ldr4.yar
+++ b/yara_rules/ursnif_ldr4.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_ursnif_ldr4 {
+rule ursnif_ldr4 {
 meta:
 description = "Ursnif LDR4"
 author = "Sekoia.io"
diff --git a/yara_rules/sekoiaio_vpn_mul_softether.yar b/yara_rules/vpn_mul_softether.yar
similarity index 96%
rename from yara_rules/sekoiaio_vpn_mul_softether.yar
rename to yara_rules/vpn_mul_softether.yar
index b127884..2ffb186 100644
--- a/yara_rules/sekoiaio_vpn_mul_softether.yar
+++ b/yara_rules/vpn_mul_softether.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_vpn_mul_softether {
+rule vpn_mul_softether {
 meta:
 id = "a1fbf4fe-b934-4a66-b6b1-ebe2f83505cd"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_water_sigbin_group.yar b/yara_rules/water_sigbin_group.yar
similarity index 93%
rename from yara_rules/sekoiaio_water_sigbin_group.yar
rename to yara_rules/water_sigbin_group.yar
index 6846a5c..1096d42 100644
--- a/yara_rules/sekoiaio_water_sigbin_group.yar
+++ b/yara_rules/water_sigbin_group.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_water_sigbin_group {
+rule water_sigbin_group {
 meta:
 id = "c49728e8-db7e-4d83-97d2-7d56b51f8a52"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_webshell_icesword_strings.yar b/yara_rules/webshell_icesword_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_webshell_icesword_strings.yar
rename to yara_rules/webshell_icesword_strings.yar
index 1797860..568eb22 100644
--- a/yara_rules/sekoiaio_webshell_icesword_strings.yar
+++ b/yara_rules/webshell_icesword_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_webshell_icesword_strings {
+rule webshell_icesword_strings {
 meta:
 id = "2c6b3cec-4200-4386-8cd5-4004c9b5b96a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_webshell_wso_webshell_strings.yar b/yara_rules/webshell_wso_webshell_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_webshell_wso_webshell_strings.yar
rename to yara_rules/webshell_wso_webshell_strings.yar
index 1035e0c..e910c42 100644
--- a/yara_rules/sekoiaio_webshell_wso_webshell_strings.yar
+++ b/yara_rules/webshell_wso_webshell_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_webshell_wso_webshell_strings {
+rule webshell_wso_webshell_strings {
 meta:
 id = "84340792-73a4-4d61-9957-6cfa1f6444a7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_weevely_webshell_payload.yar b/yara_rules/weevely_webshell_payload.yar
similarity index 91%
rename from yara_rules/sekoiaio_weevely_webshell_payload.yar
rename to yara_rules/weevely_webshell_payload.yar
index b34565f..da032e3 100644
--- a/yara_rules/sekoiaio_weevely_webshell_payload.yar
+++ b/yara_rules/weevely_webshell_payload.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_weevely_webshell_payload {
+rule weevely_webshell_payload {
 meta:
 id = "f2879c6e-3d1b-41be-8b1d-4f0503fd4b29"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_clipper_generic.yar b/yara_rules/win_clipper_generic.yar
similarity index 96%
rename from yara_rules/sekoiaio_win_clipper_generic.yar
rename to yara_rules/win_clipper_generic.yar
index 5915a20..128e68d 100644
--- a/yara_rules/sekoiaio_win_clipper_generic.yar
+++ b/yara_rules/win_clipper_generic.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_clipper_generic {
+rule win_clipper_generic {
 meta:
 id = "a94b3d01-dbc7-41e4-8d45-793bf443b1d2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_infostealer_serpent_strings.yar b/yara_rules/win_infostealer_serpent_strings.yar
similarity index 93%
rename from yara_rules/sekoiaio_win_infostealer_serpent_strings.yar
rename to yara_rules/win_infostealer_serpent_strings.yar
index 67f4f24..eb88103 100644
--- a/yara_rules/sekoiaio_win_infostealer_serpent_strings.yar
+++ b/yara_rules/win_infostealer_serpent_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_infostealer_serpent_strings {
+rule win_infostealer_serpent_strings {
 meta:
 id = "ad9e2366-c95e-4090-a0db-48f3cc325209"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_loader_astasialoader_strings.yar b/yara_rules/win_loader_astasialoader_strings.yar
similarity index 94%
rename from yara_rules/sekoiaio_win_loader_astasialoader_strings.yar
rename to yara_rules/win_loader_astasialoader_strings.yar
index 489b0b2..2d85e71 100644
--- a/yara_rules/sekoiaio_win_loader_astasialoader_strings.yar
+++ b/yara_rules/win_loader_astasialoader_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_loader_astasialoader_strings {
+rule win_loader_astasialoader_strings {
 meta:
 id = "8dfabf28-4b5a-43db-87e9-5b9080541ec3"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_malware_agnianestealer.yar b/yara_rules/win_malware_agnianestealer.yar
similarity index 91%
rename from yara_rules/sekoiaio_win_malware_agnianestealer.yar
rename to yara_rules/win_malware_agnianestealer.yar
index 29e4a3f..67c9007 100644
--- a/yara_rules/sekoiaio_win_malware_agnianestealer.yar
+++ b/yara_rules/win_malware_agnianestealer.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_malware_agnianestealer {
+rule win_malware_agnianestealer {
 meta:
 id = "704c85b7-8b82-4160-ae1b-fd1054cae8e2"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_malware_janelarat_strings.yar b/yara_rules/win_malware_janelarat_strings.yar
similarity index 92%
rename from yara_rules/sekoiaio_win_malware_janelarat_strings.yar
rename to yara_rules/win_malware_janelarat_strings.yar
index 7dad55d..74a5518 100644
--- a/yara_rules/sekoiaio_win_malware_janelarat_strings.yar
+++ b/yara_rules/win_malware_janelarat_strings.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_malware_janelarat_strings {
+rule win_malware_janelarat_strings {
 meta:
 id = "891f182e-8a7a-4d0c-a481-62c198bb901b"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_win_malware_statc_downloader.yar b/yara_rules/win_malware_statc_downloader.yar
similarity index 97%
rename from yara_rules/sekoiaio_win_malware_statc_downloader.yar
rename to yara_rules/win_malware_statc_downloader.yar
index e2e48e6..d62fea7 100644
--- a/yara_rules/sekoiaio_win_malware_statc_downloader.yar
+++ b/yara_rules/win_malware_statc_downloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_win_malware_statc_downloader {
+rule win_malware_statc_downloader {
 meta:
 id = "4a2e9607-635b-4cd8-ba27-d70e0c76fd45"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_hermeticwiper_variants.yar b/yara_rules/wiper_hermeticwiper_variants.yar
similarity index 94%
rename from yara_rules/sekoiaio_wiper_hermeticwiper_variants.yar
rename to yara_rules/wiper_hermeticwiper_variants.yar
index be5a39b..1a1f5e2 100644
--- a/yara_rules/sekoiaio_wiper_hermeticwiper_variants.yar
+++ b/yara_rules/wiper_hermeticwiper_variants.yar
@@ -1,6 +1,6 @@
 import "pe"
-rule sekoiaio_wiper_hermeticwiper_variants {
+rule wiper_hermeticwiper_variants {
 meta:
 id = "102ecf15-167e-49e4-932c-6334e3cdcc69"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_win_caddywiper.yar b/yara_rules/wiper_win_caddywiper.yar
similarity index 97%
rename from yara_rules/sekoiaio_wiper_win_caddywiper.yar
rename to yara_rules/wiper_win_caddywiper.yar
index f5886c4..b39762e 100644
--- a/yara_rules/sekoiaio_wiper_win_caddywiper.yar
+++ b/yara_rules/wiper_win_caddywiper.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
-rule sekoiaio_wiper_win_caddywiper {
+rule wiper_win_caddywiper {
 meta:
 id = "869d44ff-79fc-403d-a45d-d33712da5bd0"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_win_dnwipe.yar b/yara_rules/wiper_win_dnwipe.yar
similarity index 95%
rename from yara_rules/sekoiaio_wiper_win_dnwipe.yar
rename to yara_rules/wiper_win_dnwipe.yar
index d1fa02b..3ab672a 100644
--- a/yara_rules/sekoiaio_wiper_win_dnwipe.yar
+++ b/yara_rules/wiper_win_dnwipe.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
 
-rule sekoiaio_wiper_win_dnwipe {
+rule wiper_win_dnwipe {
 meta:
 id = "522fdaa5-8fe6-4e37-aaf8-13e3a7787d21"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_win_isaacwiper.yar b/yara_rules/wiper_win_isaacwiper.yar
similarity index 98%
rename from yara_rules/sekoiaio_wiper_win_isaacwiper.yar
rename to yara_rules/wiper_win_isaacwiper.yar
index 54c4829..0742390 100644
--- a/yara_rules/sekoiaio_wiper_win_isaacwiper.yar
+++ b/yara_rules/wiper_win_isaacwiper.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
 
-rule sekoiaio_wiper_win_isaacwiper {
+rule wiper_win_isaacwiper {
 meta:
 id = "b081e3a3-612e-46ae-93af-82e7ee98fcf7"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_win_nominatus_toxicbattery.yar b/yara_rules/wiper_win_nominatus_toxicbattery.yar
similarity index 96%
rename from yara_rules/sekoiaio_wiper_win_nominatus_toxicbattery.yar
rename to yara_rules/wiper_win_nominatus_toxicbattery.yar
index 0418245..cd76c24 100644
--- a/yara_rules/sekoiaio_wiper_win_nominatus_toxicbattery.yar
+++ b/yara_rules/wiper_win_nominatus_toxicbattery.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
 
-rule sekoiaio_wiper_win_nominatus_toxicbattery {
+rule wiper_win_nominatus_toxicbattery {
 meta:
 id = "0262378f-f509-4ea4-a3eb-cd0183c4361d"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_wiper_win_ruransom.yar b/yara_rules/wiper_win_ruransom.yar
similarity index 95%
rename from yara_rules/sekoiaio_wiper_win_ruransom.yar
rename to yara_rules/wiper_win_ruransom.yar
index 47675bb..d8c135f 100644
--- a/yara_rules/sekoiaio_wiper_win_ruransom.yar
+++ b/yara_rules/wiper_win_ruransom.yar
@@ -1,7 +1,7 @@
 import "pe"
 import "hash"
 
-rule sekoiaio_wiper_win_ruransom {
+rule wiper_win_ruransom {
 meta:
 id = "7bf3694b-c689-482f-88cd-b1f3b86bbc36"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_xworm_dotnet_injector.yar b/yara_rules/xworm_dotnet_injector.yar
similarity index 97%
rename from yara_rules/sekoiaio_xworm_dotnet_injector.yar
rename to yara_rules/xworm_dotnet_injector.yar
index 9006dd1..962ea96 100644
--- a/yara_rules/sekoiaio_xworm_dotnet_injector.yar
+++ b/yara_rules/xworm_dotnet_injector.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_xworm_dotnet_injector {
+rule xworm_dotnet_injector {
 meta:
 id = "50581a9d-afc3-43da-9e34-3a553cbd01b4"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_yara_runascs.yar b/yara_rules/yara_runascs.yar
similarity index 97%
rename from yara_rules/sekoiaio_yara_runascs.yar
rename to yara_rules/yara_runascs.yar
index fd166ba..4dce828 100644
--- a/yara_rules/sekoiaio_yara_runascs.yar
+++ b/yara_rules/yara_runascs.yar
@@ -1,6 +1,6 @@
 import "pe"
 
-rule sekoiaio_yara_runascs {
+rule yara_runascs {
 meta:
 id = "1720f042-2cc6-4ef1-b66c-fe8a4214366a"
 version = "1.0"
diff --git a/yara_rules/sekoiaio_zip_win_abcloader.yar b/yara_rules/zip_win_abcloader.yar
similarity index 93%
rename from yara_rules/sekoiaio_zip_win_abcloader.yar
rename to yara_rules/zip_win_abcloader.yar
index cd2e7c2..97bf492 100644
--- a/yara_rules/sekoiaio_zip_win_abcloader.yar
+++ b/yara_rules/zip_win_abcloader.yar
@@ -1,4 +1,4 @@
-rule sekoiaio_zip_win_abcloader {
+rule zip_win_abcloader {
 meta:
 id = "0d14b34a-9095-48fa-b616-4e8239f3b547"
 version = "1.0"