Add public_red option and enforce TLP search rules #2927
Warnings found
| | Status | Count |
|---|---|---|
| 🟢 | Files OK | 153 |
| 🟠 | Files with warnings | 3 |
| 🔴 | Files with errors | 0 |
| ⚪ | Files ignored | 1124 |
Annotations
Check warning on line 8 in data/yara/CAPE/ChaosBot.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/ChaosBot.yar#L8
warning[text_as_hex]: hex pattern could be written as text literal
--> line:8:15
|
8 | $s1 = { 48 6f 73 74 20 20 63 6f 6e 6e 65 63 74 65 64 2c 20 63 68 61 6e 6e 65 6c 20 63 72 65 61 74 65 64 3a 20 3c }
| ------------------------------------------------------------------------------------------------------------ this pattern can be written as a text literal
|
help: consider the following change
|
8 - $s1 = { 48 6f 73 74 20 20 63 6f 6e 6e 65 63 74 65 64 2c 20 63 68 61 6e 6e 65 6c 20 63 72 65 61 74 65 64 3a 20 3c }
8 + $s1 = "Host connected, channel created: <"
|
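Review bot: the suggested text literal for $s1 is displayed with one space between "Host" and "connected", while the hex pattern on line 8 has two (20 20) at that position. If the pattern is converted, keep both spaces in the literal so it still matches the same bytes.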
Check warning on line 9 in data/yara/CAPE/ChaosBot.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/ChaosBot.yar#L9
warning[text_as_hex]: hex pattern could be written as text literal
--> line:9:15
|
9 | ... = { 73 68 65 6c 6c 20 64 6f 77 6e 6c 6f 61 64 20 63 64 20 46 61 69 6c 65 64 20 74 6f 20 63 68 61 6e 67 65 20 64 69 72 65 63 74 6f 72 79 3a }
| ------------------------------------------------------------------------------------------------------------------------------------------ this pattern can be written as a text literal
|
help: consider the following change
|
9 - $s2 = { 73 68 65 6c 6c 20 64 6f 77 6e 6c 6f 61 64 20 63 64 20 46 61 69 6c 65 64 20 74 6f 20 63 68 61 6e 67 65 20 64 69 72 65 63 74 6f 72 79 3a }
9 + $s2 = "shell download cd Failed to change directory:"
|
Check warning on line 10 in data/yara/CAPE/ChaosBot.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/ChaosBot.yar#L10
warning[text_as_hex]: hex pattern could be written as text literal
--> line:10:15
|
10 | ... = { 56 69 72 74 75 61 6c 50 72 6f 74 65 63 74 41 6d 73 69 53 63 61 6e 42 75 66 66 65 72 45 74 77 45 76 65 6e 74 57 72 69 74 65 43 4f 4d 50 55 54 45 52 4e 41 4d 45 }
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ this pattern can be written as a text literal
|
help: consider the following change
|
10 - $s3 = { 56 69 72 74 75 61 6c 50 72 6f 74 65 63 74 41 6d 73 69 53 63 61 6e 42 75 66 66 65 72 45 74 77 45 76 65 6e 74 57 72 69 74 65 43 4f 4d 50 55 54 45 52 4e 41 4d 45 }
10 + $s3 = "VirtualProtectAmsiScanBufferEtwEventWriteCOMPUTERNAME"
|
Check warning on line 11 in data/yara/CAPE/ChaosBot.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/ChaosBot.yar#L11
warning[text_as_hex]: hex pattern could be written as text literal
--> line:11:15
|
11 | $s4 = { 43 3a 5c 55 73 65 72 73 5c 50 75 62 6c 69 63 5c 6d 65 73 73 61 67 65 5f 2e 74 78 74 }
| --------------------------------------------------------------------------------------- this pattern can be written as a text literal
|
help: consider the following change
|
11 - $s4 = { 43 3a 5c 55 73 65 72 73 5c 50 75 62 6c 69 63 5c 6d 65 73 73 61 67 65 5f 2e 74 78 74 }
11 + $s4 = "C:\\Users\\Public\\message_.txt"
|
Check warning on line 8 in data/yara/CAPE/NetTraveler.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/NetTraveler.yar#L8
warning[text_as_hex]: hex pattern could be written as text literal
--> line:8:20
|
8 | $string1 = { 4E 61 6D 65 3A 09 25 73
| ____________________-
9 | | 0D 0A 54 79 70 65 3A 09
10 | | 25 73 0D 0A 53 65 72 76
11 | | 65 72 3A 09 25 73 0D 0A } // Name:\t%s\r\nType:\t%s\r\nServer:\t%s\r\n
| |______________________________________________- this pattern can be written as a text literal
|
help: consider the following change
|
8 - $string1 = { 4E 61 6D 65 3A 09 25 73
9 - 0D 0A 54 79 70 65 3A 09
10 - 25 73 0D 0A 53 65 72 76
11 - 65 72 3A 09 25 73 0D 0A } // Name:\t%s\r\nType:\t%s\r\nServer:\t%s\r\n
8 + $string1 = "Name:\t%s\r\nType:\t%s\r\nServer:\t%s\r\n" // Name:\t%s\r\nType:\t%s\r\nServer:\t%s\r\n
|
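Review bot: on the replacement line for $string1 the trailing comment now repeats the literal word for word (// Name:\t%s\r\nType:\t%s\r\nServer:\t%s\r\n). It only served to decode the hex bytes, so drop it when the pattern becomes a text literal.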
Check warning on line 28 in data/yara/CAPE/Zloader.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/Zloader.yar#L28
warning[consecutive_jumps]: consecutive jumps in hex pattern `$conf_1`
--> line:28:63
|
28 | $conf_1 = {48 01 ?? 48 8D 15 [4] 41 B8 ?? 04 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00}
| --------- these consecutive jumps will be treated as [4-9]
|
help: consider the following change
|
28 - $conf_1 = {48 01 ?? 48 8D 15 [4] 41 B8 ?? 04 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00}
28 + $conf_1 = {48 01 ?? 48 8D 15 [4] 41 B8 ?? 04 00 00 E8 [4-9] C7 [1-2] 00 00 00 00}
|
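Review bot: merging E8 [4] [0-5] into E8 [4-9] in $conf_1 loses the visual cue that the first four bytes are the rel32 operand of the E8 call and only the following 0 to 5 bytes are variable padding. The match set is unchanged, as the warning states, so if the merge is applied, a short comment on the pattern recording that split keeps the intent readable. The same applies to $confkey_1, $confkey_2 and $confkey_3.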
Check warning on line 29 in data/yara/CAPE/Zloader.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/Zloader.yar#L29
warning[consecutive_jumps]: consecutive jumps in hex pattern `$confkey_1`
--> line:29:57
|
29 | $confkey_1 = {48 8D 15 [4] 48 89 ?? 49 89 ?? E8 [4] [0-5] C7 [1-2] 00 00 00 00}
| --------- these consecutive jumps will be treated as [4-9]
|
help: consider the following change
|
29 - $confkey_1 = {48 8D 15 [4] 48 89 ?? 49 89 ?? E8 [4] [0-5] C7 [1-2] 00 00 00 00}
29 + $confkey_1 = {48 8D 15 [4] 48 89 ?? 49 89 ?? E8 [4-9] C7 [1-2] 00 00 00 00}
|
Check warning on line 30 in data/yara/CAPE/Zloader.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/Zloader.yar#L30
warning[consecutive_jumps]: consecutive jumps in hex pattern `$confkey_2`
--> line:30:66
|
30 | $confkey_2 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00 (48 8B|8B)}
| --------- these consecutive jumps will be treated as [4-9]
|
help: consider the following change
|
30 - $confkey_2 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00 (48 8B|8B)}
30 + $confkey_2 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4-9] C7 [1-2] 00 00 00 00 (48 8B|8B)}
|
Check warning on line 31 in data/yara/CAPE/Zloader.yar
virustotal-yara-ci / Rules Analysis
data/yara/CAPE/Zloader.yar#L31
warning[consecutive_jumps]: consecutive jumps in hex pattern `$confkey_3`
--> line:31:66
|
31 | $confkey_3 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00 48 83 C4}
| --------- these consecutive jumps will be treated as [4-9]
|
help: consider the following change
|
31 - $confkey_3 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4] [0-5] C7 [1-2] 00 00 00 00 48 83 C4}
31 + $confkey_3 = {48 01 ?? 48 8D 15 [4] 41 B8 10 00 00 00 E8 [4-9] C7 [1-2] 00 00 00 00 48 83 C4}
|