Merge pull request elastic#6 from dcode/blog/mozin-about

peasead · web-flow · commit 3fd6f9693ce3 · 2021-07-01T15:55:38.000-05:00
Fix yara syntax
diff --git a/blog/mozin-about/mozi-obfuscation-technique.yara b/blog/mozin-about/mozi-obfuscation-technique.yara
@@ -1,12 +1,14 @@
-rule Mozi Obfuscation Technique {
-   meta:
-       author =  "Elastic Security, Lars Wallenborn (@larsborn)"
-       description = "Detects obfuscation technique used by Mozi botnet."
-string:
-        $a = { 55 50 58 21
-              [4]         
-              00 00 00 00 
-              00 00 00 00 
-              00 00 00 00 }
-condition:
-        all of them
+rule MoziObfuscationTechnique
+{
+  meta:
+    author =  "Elastic Security, Lars Wallenborn (@larsborn)"
+    description = "Detects obfuscation technique used by Mozi botnet."
+  strings:
+    $a = { 55 50 58 21
+           [4]
+           00 00 00 00
+           00 00 00 00
+           00 00 00 00 }
+  condition:
+    all of them
+}
