[clamav-users] Malware/ransomware and Yara signatures with clamav

Eric Tykwinski eric-list at truenet.com
Mon May 15 19:47:02 UTC 2017


Just as a side note, normal rules are catching the samples, so I don't know
if it would display both YARA and the others.
Here's what the samples show without YARA:
./CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE: Win.Ransomware.WannaCry-6313053-0 FOUND
./CYBERed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.EXE: Win.Trojan.Agent-6312832-0 FOUND

I tested with one YARA script I saw on Twitter (Florian Roth), but it didn't
catch them, so I can't really help out more.
Don't know if that's my end or not, just a default install with Homebrew on
OSX to test it out.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





