awesome-yara
yara
Our great sponsors
awesome-yara | yara | |
---|---|---|
7 | 19 | |
3,234 | 7,632 | |
2.5% | 2.3% | |
5.6 | 8.8 | |
10 days ago | 11 days ago | |
C | ||
GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-yara
- XSOAR Yara Feeds
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
yara
- Ask HN: Regex on a File or Stream
-
Who does check linux distros of malware - open source
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
- Release YARA v4.4.0-rc1 - lnk module
- Release YARA v4.3.0-rc1
- yara - The pattern matching swiss knife for malware researchers (and everyone else)
- Hogy lehet észrevenni, ha valaki bejár a gépedre és adatot visz ki? KRÉTA sztori spin-off
- LNK module for Yara
-
Open source tools and standards to lookup known files
Shameless plug: I wrote a small poc module to use hashlookup's bloom filter in yara (https://github.com/VirusTotal/yara). The idea is to easily discard files that are known to be safe and so to avoid launching thousands of yara rules on a file for nothing. One can also use it to keep track of some files that meet certain conditions for instance. The module can store any string in these filters so I see a lot of useful use-cases for this little thingy :)
- Yara - The pattern matching swiss knife
-
Tasked with building a malware analysis / threat hunting machine . Need feedback
YARA - https://virustotal.github.io/yara/
What are some alternatives?
malware-ioc - Indicators of Compromises (IOC) of our various investigations
Loki - Loki - Simple IOC and YARA Scanner
signature-base - YARA signature and IOC database for my scanners and tools
awesome-malware-analysis - Defund the Police.
yarGen - yarGen is a generator for YARA rules
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
rules - Repository of yara rules
DIE-engine - DIE engine