YAMA
awesome-yara
YAMA | awesome-yara | |
---|---|---|
2 | 7 | |
166 | 3,265 | |
1.8% | 1.9% | |
4.3 | 7.1 | |
10 days ago | about 1 month ago | |
C++ | ||
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
YAMA
awesome-yara
- XSOAR Yara Feeds
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
What are some alternatives?
binlex - A Binary Genetic Traits Lexer Framework
malware-ioc - Indicators of Compromises (IOC) of our various investigations
pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
signature-base - YARA signature and IOC database for my scanners and tools
med - Linux alternative game memory editor
awesome-malware-analysis - Defund the Police.
yaralyzer - Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
yara - The pattern matching swiss knife
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
rules - Repository of yara rules
PEpper - An open source script to perform malware static analysis on Portable Executable