Replaced few GoDaddy's YARA files with link to real source

pyllyukko · Nov 28, 2023 · d679a65 · d679a65 · pyllyukko · Jan 11, 2024
1 parent 2d9d5ed
commit d679a65
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ For a complete list you can run `ansible-playbook --list-tasks harden.yml`.
 * [ClamAV](https://www.clamav.net/) configuration (see [clamav.yml](tasks/clamav.yml))
     * Configures `clamd` & `freshclam` by first generating fresh configurations with [clamconf](https://docs.clamav.net/manual/Usage/Configuration.html#clamconf)
     * Configured ClamAV to unarchive with password "infected" (see [Passwords for archive files](https://docs.clamav.net/manual/Signatures/EncryptedArchives.html) & [ClamAV and ZIP File Decryption](https://blog.didierstevens.com/2017/02/15/quickpost-clamav-and-zip-file-decryption/))
-    * Downloads YARA rules from [Neo23x0](https://github.com/Neo23x0/signature-base), [GCTI](https://github.com/chronicle/GCTI), [Elastic](https://github.com/elastic/protections-artifacts), [YaraRules Project](https://yara-rules.github.io/blog/), [JPCERT/CC](https://github.com/JPCERTCC/jpcert-yara), [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) & [Open-Source-YARA-rules](https://github.com/mikesxrs/Open-Source-YARA-rules) for [ClamAV to use](https://docs.clamav.net/manual/Signatures/YaraRules.html)
+    * Downloads YARA rules from [Neo23x0](https://github.com/Neo23x0/signature-base), [GCTI](https://github.com/chronicle/GCTI), [Elastic](https://github.com/elastic/protections-artifacts), [YaraRules Project](https://yara-rules.github.io/blog/), [JPCERT/CC](https://github.com/JPCERTCC/jpcert-yara), [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/), [Citizen Lab](https://github.com/citizenlab/malware-signatures), [GoDaddy](https://github.com/godaddy/yara-rules) & [Open-Source-YARA-rules](https://github.com/mikesxrs/Open-Source-YARA-rules) for [ClamAV to use](https://docs.clamav.net/manual/Signatures/YaraRules.html)
 * [rkhunter](https://sourceforge.net/projects/rkhunter/) configuration (see [rkhunter.yml](tasks/rkhunter.yml))
 * [Lynis](https://cisofy.com/lynis/) configuration (see [lynis.yml](tasks/lynis.yml))
 * Configures AIDE (see [aide.yml](tasks/aide.yml))

diff --git a/tasks/clamav.yml b/tasks/clamav.yml
@@ -2780,6 +2780,17 @@
             - https://raw.githubusercontent.com/malpedia/signator-rules/main/rules/win.zxxz_auto.yar
             - https://raw.githubusercontent.com/citizenlab/malware-signatures/master/payloads.yara
             - https://raw.githubusercontent.com/citizenlab/malware-signatures/master/filetypes.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/packers/sogu_packer.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/packers/rlpack.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/packers/upx.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/wiper.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/granite_coroner.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/packers/aspack.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/l_exe.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/packers/vmprotect.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/appraisel.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/mimikatz.yara
+            - https://raw.githubusercontent.com/godaddy/yara-rules/master/turla.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/Vinsula/Vinsula_index.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/plxsertr/plxsertr_index.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/RSA/RSA_index.yar
@@ -2814,18 +2825,7 @@
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/abhinavbom/ghostRAT.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/abhinavbom/pos_malwares.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/fox-it/rule%20Ponmocup_plugins.yar
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/sogu_packer.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/rlpack.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/upx.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/wiper.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/granite_coroner.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/aspack.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/l_exe.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/vmprotect.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/reign.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/appraisel.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/mimikatz.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/GoDaddy/turla.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/swood/browser_pass.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/LastLine/AgentTesla.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/arbor/dirtjumper_drive2.yar