diff --git a/rules/combo/botnet/passwords.yara b/rules/combo/botnet/passwords.yara
index 6a12b03fc..10db571ef 100644
--- a/rules/combo/botnet/passwords.yara
+++ b/rules/combo/botnet/passwords.yara
@@ -23,6 +23,8 @@ rule router_password_references : critical {
 $f_passw0rd = "Passw0rd"
 $f_admin123 = "admin123"
 $f_Admin123 = "Admin123"
+ $not_frequency_list = "var frequency_lists;frequency_lists={passwords:"
+ $not_frequency_list2 = {76 61 72 20 66 72 65 71 75 65 6E 63 79 5F 6C 69 73 74 73 3B 0A 0A 66 72 65 71 75 65 6E 63 79 5F 6C 69 73 74 73 20 3D 20 7B 0A 20 20 70 61 73 73 77 6F 72 64 73 3A 20}
 $not_onepassword_sdk = "github.com/1password/onepassword-sdk"
 condition:
 8 of ($f*) and none of ($not*)
diff --git a/samples.tar.gz.aa b/samples.tar.gz.aa
index 26628225c..35bcc0e71 100644
Binary files a/samples.tar.gz.aa and b/samples.tar.gz.aa differ
diff --git a/samples.tar.gz.ab b/samples.tar.gz.ab
index 8393a31de..9f5b6e8bd 100644
Binary files a/samples.tar.gz.ab and b/samples.tar.gz.ab differ
diff --git a/samples.tar.gz.ac b/samples.tar.gz.ac
index 462615ef5..de691a18f 100644
Binary files a/samples.tar.gz.ac and b/samples.tar.gz.ac differ
diff --git a/samples.tar.gz.ad b/samples.tar.gz.ad
index c7123ffbb..5dadd97bf 100644
Binary files a/samples.tar.gz.ad and b/samples.tar.gz.ad differ
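Review bot: The two added exclusions `$not_frequency_list` and `$not_frequency_list2` each match one exact whitespace layout, and the hex form hides that it is only the ASCII of `var frequency_lists;`, two newlines, `frequency_lists = {`, a newline and an indented `passwords: `. A copy of the same word list with CRLF line endings or different indentation would therefore still trip this critical rule. A single commented regex would cover both layouts and stay readable: `$not_frequency_list = /var frequency_lists;\s*frequency_lists\s*=\s*\{\s*passwords:/`, preceded by a comment naming the file or library the false positive came from (it looks like a bundled password-strength word list, but the diff does not say). Because `none of ($not*)` makes any file carrying this short literal a non-match, it is also worth pairing the exclusion with a file-type or size constraint in the condition, so the allowlist cannot silently hide a real sample. The rule's header and the rest of its strings section lie outside the hunk.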