awesome-yara
rules
Our great sponsors
awesome-yara | rules | |
---|---|---|
7 | 7 | |
3,234 | 3,962 | |
2.5% | 1.5% | |
5.6 | 0.0 | |
10 days ago | 3 days ago | |
YARA | ||
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-yara
- XSOAR Yara Feeds
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
rules
-
Web Security Resources Request
Yara rules. https://github.com/Yara-Rules/rules
-
How to check is a linux server is compromised or rooted?
On the other hand, you could also use a Yara scanner (apt install yara) to scan for IOCs. Here's a good list of rules https://github.com/Yara-Rules/rules
-
What is the use of an Av when it can be bypassed easily?
As we can see in this pic -> https://i.postimg.cc/qRPSyjvL/Screenshot-at-2022-09-04-13-36-40.png the crypted payload also fires off a lot more of the yara rules from the Yara Rules Project, so it's just a lot "louder" in terms of static analysis too. Top section is a payload that currently does not get detected, and does not use any encryption (the other screenshot showing OneNote.exe was actually taken from my test VM with this payload, so it definitely doesn't get detected lol). Bottom is the scarecrow payload that's aes256'd and still got caught pretty quick.
- Incorporating YARA Into Security Processes?
- Python Script EXE detected as virus in VT
-
YARA Rules for Malware
this repo is well-maintained. there are others exchanged in less public settings (in which i do not participate) if you're willing to contribute samples and signatures.
- Incident report collection
What are some alternatives?
malware-ioc - Indicators of Compromises (IOC) of our various investigations
ClearURLs-Addon - ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
signature-base - YARA signature and IOC database for my scanners and tools
coreruleset - OWASP CRS (Official Repository)
awesome-malware-analysis - Defund the Police.
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
yara - The pattern matching swiss knife
bpftrace - High-level tracing language for Linux eBPF [Moved to: https://github.com/bpftrace/bpftrace]
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
PEpper - An open source script to perform malware static analysis on Portable Executable
yara-python - The Python interface for YARA