From 099090a80914d4b59021f25379429ece920a4d5d Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Tue, 23 Mar 2021 09:44:01 +0100
Subject: [PATCH 1/3] Added TweetablePolygonPng
---
 packers/tweetable-polyglot-png.yar | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 packers/tweetable-polyglot-png.yar
diff --git a/packers/tweetable-polyglot-png.yar b/packers/tweetable-polyglot-png.yar
new file mode 100644
index 00000000..f8c3a7f9
--- /dev/null
+++ b/packers/tweetable-polyglot-png.yar
@@ -0,0 +1,19 @@
+rule TweetablePolygonPng {
+ meta:
+ description = "tweetable-polyglot-png: https://github.com/DavidBuchanan314/tweetable-polyglot-png"
+ author = "Manfred Kaiser"
+ strings:
+ $magic1 = { 50 4b 01 02 }
+ $magic2 = { 50 4b 03 04 }
+ $magic3 = { 50 4b 05 06 }
+
+ condition:
+ (
+ uint32be(0) == 0x89504E47 or
+ uint32be(0) == 0xFFD8FFE0
+ ) and
+ $magic1 and
+ $magic2 and
+ $magic3
+
+}
From 292a3e5976fc45a7315ff841a99c3984b2fb5a4b Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Tue, 23 Mar 2021 09:44:54 +0100
Subject: [PATCH 2/3] Update packers_index.yar
---
 packers_index.yar | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packers_index.yar b/packers_index.yar
index 88b99ba3..3f809493 100644
--- a/packers_index.yar
+++ b/packers_index.yar
@@ -7,3 +7,4 @@ include "./packers/Javascript_exploit_and_obfuscation.yar"
 include "./packers/packer.yar"
 include "./packers/packer_compiler_signatures.yar"
 include "./packers/peid.yar"
+include "./packers/tweetable-polyglot-png.yar"
From 3ca61e7e782ddb36eae360360049063ea886d3dc Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Tue, 23 Mar 2021 10:32:23 +0100
Subject: [PATCH 3/3] Update tweetable-polyglot-png.yar
---
 packers/tweetable-polyglot-png.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
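Review bot: In the `condition` of the rule added by PATCH 1/3 (`packers/tweetable-polyglot-png.yar`), the three ZIP signatures only have to occur somewhere in the file, so the rule fires on any PNG or JFIF image that contains those 4-byte sequences in any order, not specifically on an image carrying a well-formed archive. Requiring the order a ZIP normally has, e.g. `@magic2[1] < @magic1[1] and @magic1[1] < @magic3[1]`, and completing the PNG signature check with `uint32be(4) == 0x0D0A1A0A`, would likely cut chance matches in compressed image data. The JPEG branch `uint32be(0) == 0xFFD8FFE0` matches only JFIF headers, while the rule and the referenced project are both named for PNG; either widen it to `uint16be(0) == 0xFFD8` or drop it, and state the intent in `meta`. A `reference` and `date` entry in `meta` would also help analysts triage a hit as "image with embedded ZIP structures" rather than as a confirmed packer.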
diff --git a/packers/tweetable-polyglot-png.yar b/packers/tweetable-polyglot-png.yar
index f8c3a7f9..9facdd2b 100644
--- a/packers/tweetable-polyglot-png.yar
+++ b/packers/tweetable-polyglot-png.yar
@@ -1,4 +1,4 @@
-rule TweetablePolygonPng {
+rule TweetablePolyglotPng {
 meta:
 description = "tweetable-polyglot-png: https://github.com/DavidBuchanan314/tweetable-polyglot-png"
 author = "Manfred Kaiser"