Update Rclone.yar
bartblaze authored Jan 8, 2024
1 parent 8541921 commit 358876e
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions rules/generic/Rclone.yar
Expand Up @@ -15,8 +15,7 @@ rule Rclone
source = "BARTBLAZE"
author = "@bartblaze"
description = "Identifies Rclone, sometimes used by attackers to exfiltrate data."
category = "MALWARE"
malware_type = "INFOSTEALER"
category = "INFO"
reference = "https://rclone.org/"


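Review bot: Moving `category` from "MALWARE" to "INFO" and dropping `malware_type = "INFOSTEALER"` in the meta block changes how hits on this rule are triaged downstream, and nothing in the rule records that. Any pipeline that routes or alerts on `category == "MALWARE"` or on `malware_type` will stop surfacing Rclone matches, even though the description still says the tool is "sometimes used by attackers to exfiltrate data". The reclassification fits a dual-use tool, but consider noting it in the commit message or changelog so consumers who still want visibility into exfiltration tooling know to key on the rule name instead. The commit's 2 additions and 3 deletions are fully accounted for by the two hunks shown, so if the metadata above this hunk carries a version or last-modified field, it was not bumped with this change.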
Expand All @@ -29,4 +28,4 @@ rule Rclone
condition:
any of them or for any i in (0..pe.number_of_resources-1) : (pe.resources[i].type==pe.RESOURCE_TYPE_ICON and hash.md5(pe.resources[i].offset,pe.resources[i].length)=="fc675e36c61c8b9d0b956bd05695cdda")
}
}
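Review bot: The two closing `}` lines at the end of this hunk render identically, so the change here appears to be whitespace or an end-of-file newline only, bundled into a commit whose purpose is a metadata reclassification. The message "Update Rclone.yar" mentions neither change. A short body stating the recategorisation and the trailing-newline fix would make the history easier to search, or the formatting fix could go in its own commit. The condition lines themselves are unchanged context, so detection logic is not affected by this commit.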
