Revert "Update apt_apt36_operation_sindoor.yar"

Neo23x0 · Neo23x0 · commit 9aab9de4aa5b · 2025-09-02T09:59:22.000+02:00
This reverts commit df9b9c8.
diff --git a/yara/apt_apt36_operation_sindoor.yar b/yara/apt_apt36_operation_sindoor.yar
@@ -1,5 +1,3 @@
-import "pe"
-
 rule SUSP_LNX_Sindoor_ELF_Obfuscation_Aug25 {
    meta:
       description = "Detects ELF obfuscation technique used by Sindoor dropper related to APT 36"
@@ -52,7 +50,7 @@ rule MAL_Sindoor_Decryptor_Aug25 {
    condition:
       filesize < 100MB
       and (
-         uint16(0) == 0x5a4d  // Windows
+         uint16(0) == 0x5a4d // Windows
          or uint32be(0) == 0x7f454c46  // Linux
          or (uint32be(0) == 0xcafebabe and uint32be(4) < 0x20)  // Universal mach-O App with dont-match-java-class-file hack
          or uint32(0) == 0xfeedface  // 32-bit mach-O
@@ -78,7 +76,7 @@ rule MAL_Sindoor_Downloader_Aug25 {
    condition:
       filesize < 100MB
       and (
-         uint16(0) == 0x5a4d  // Windows
+         uint16(0) == 0x5a4d // Windows
          or uint32be(0) == 0x7f454c46  // Linux
          or (uint32be(0) == 0xcafebabe and uint32be(4) < 0x20)  // Universal mach-O App with dont-match-java-class-file hack
          or uint32(0) == 0xfeedface  // 32-bit mach-O
