Sneed-Reactivity/yara-mikesxrs/Novetta/mastersig.yara

73 lines
1.5 KiB
Text
Raw Normal View History

// Glue file for all of the different yara sigs for easier scanning
//
// copyright 2015 Novetta Solutions
// author = Novetta Threat Research & Interdiction Group - trig@novetta.com
// Content distribution
include "HotelAlfa.yara"
// Installers
include "IndiaAlfa.yara"
include "IndiaBravo.yara"
include "IndiaCharlie.yara"
include "IndiaDelta.yara"
include "IndiaEcho.yara"
include "IndiaGolf.yara"
include "IndiaHotel.yara"
include "IndiaJuliett.yara"
include "IndiaWhiskey.yara"
// Keyloggers
include "KiloAlfa.yara"
// Loaders
include "LimaAlfa.yara"
include "LimaBravo.yara"
include "LimaCharlie.yara"
include "LimaDelta.yara"
// Proxies
include "PapaAlfa.yara"
// RATs
include "RomeoAlfa.yara"
include "RomeoBravo.yara"
include "RomeoCharlie.yara"
include "RomeoDelta.yara"
include "RomeoEcho.yara"
include "RomeoFoxtrot.yara"
include "RomeoGolf.yara"
include "RomeoHotel.yara"
include "RomeoWhiskey.yara"
// Spreaders
include "SierraAlfa.yara"
include "SierraBravo.yara"
include "SierraCharlie.yara"
include "SierraJuliettMikeOne.yara"
include "SierraJuliettMikeTwo.yara"
// Tools
include "TangoAlfa.yara"
include "TangoBravo.yara"
// Uninstallers
include "UniformAlfa.yara"
include "UniformJuliett.yara"
// Wipers
include "WhiskeyAlfa.yara"
include "WhiskeyBravo.yara"
include "WhiskeyCharlie.yara"
include "WhiskeyDelta.yara"
// feature detection signatures -- these are error prone
include "general.yara"
include "sharedcode.yara"
include "suicidescripts.yara"
// CERT signatures -- low confidence in these
include "cert_wiper.yara"