| .. |
|
apt_aa19_024a.yar
|
Removed problematic string from rule
|
2019-02-14 08:42:04 +01:00 |
|
apt_agent_btz.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_alienspy_rat.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_apt3_bemstour.yar
|
APT3 Bemstour
|
2019-09-25 10:33:24 +02:00 |
|
apt_apt6_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt10_redleaves.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt10.yar
|
FPs in APT domains
|
2019-05-20 10:53:56 +02:00 |
|
apt_apt12_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt15.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt17_mal_sep17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt17_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt19.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt28_drovorub.yar
|
fix: remove rule that is prone to FPs
|
2020-08-13 18:48:58 +02:00 |
|
apt_apt28.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt29_grizzly_steppe.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_apt30_backspace.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_apt34.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_apt37.yar
|
FPs
|
2019-05-17 15:41:52 +02:00 |
|
apt_apt41.yar
|
rule: Speculoos Backdoor
|
2020-04-18 11:34:36 +02:00 |
|
apt_ar18_165a.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_area1_phishing_diplomacy.yar
|
Area1 Phishing Diplomacy Rules
|
2018-12-19 19:17:51 +01:00 |
|
apt_aus_parl_compromise.yar
|
AUS parliament network compromise
|
2019-02-18 11:03:18 +01:00 |
|
apt_babyshark.yar
|
One of the new BabyShark rules for KimJongRAT
|
2019-04-28 11:46:24 +02:00 |
|
apt_backdoor_ssh_python.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_backdoor_sunburst_fnv1a_experimental.yar
|
style: changed file name to lowercase
|
2020-12-24 09:39:22 +01:00 |
|
apt_backspace.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_beepservice.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_between-hk-and-burma.yar
|
Adjusted SLServer Rule
|
2016-04-21 11:03:55 +02:00 |
|
apt_bigbang.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_blackenergy_installer.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_blackenergy.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_bluetermite_emdivi.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_bronze_butler.yar
|
fix: non-ascii characters \x1f
|
2020-11-24 09:52:43 +01:00 |
|
apt_buckeye.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_carbon_paper_turla.yar
|
Carbon - Turla - rules by ESET
|
2017-04-01 11:56:20 +02:00 |
|
apt_casper.yar
|
FP with Casper Backdoor rule
|
2020-12-18 16:23:54 +01:00 |
|
apt_cheshirecat.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_cloudatlas.yar
|
rule: cloudatlas campaign
|
2020-10-13 19:10:42 +02:00 |
|
apt_cloudduke.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_cmstar.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_cn_pp_zerot.yar
|
False Positive Reduction
|
2018-09-24 12:30:09 +02:00 |
|
apt_cn_reddelta.yar
|
rule: RedDelta
|
2020-10-14 19:28:05 +02:00 |
|
apt_cobaltstrike_evasive.yar
|
CS FPs
|
2019-11-06 13:52:59 +01:00 |
|
apt_cobaltstrike.yar
|
JPCERT CobaltStrike beacon rule
|
2018-11-09 08:27:38 +01:00 |
|
apt_codoso.yar
|
fix: non-ascii characters \x1f
|
2020-11-24 09:52:43 +01:00 |
|
apt_coreimpact_agent.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_danti_svcmondr.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_darkcaracal.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_darkhydrus.yar
|
fix: change to the DarkHydrus rule
|
2020-08-18 10:08:06 +02:00 |
|
apt_deeppanda.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_derusbi.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_dnspionage.yar
|
DNSpionage Karkoff malware
|
2019-04-24 14:29:41 +02:00 |
|
apt_donotteam_ytyframework.yar
|
Update apt_donotteam_ytyframework.yar
|
2019-01-13 12:20:37 -05:00 |
|
apt_dragonfly.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_dtrack.yar
|
Reworked condition of DTRACK rule
|
2019-10-28 21:26:17 +01:00 |
|
apt_dubnium.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_duqu1_5_modules.yar
|
Duqu 1_5, Flame2 Orchestrator, Stuxshop YARA
|
2019-04-09 08:47:58 +02:00 |
|
apt_duqu2.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_dustman.yar
|
Dustman ME attack
|
2020-01-09 16:30:04 +01:00 |
|
apt_emissary.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_eqgrp_apr17.yar
|
False Positive Reduction
|
2019-02-24 13:15:53 +01:00 |
|
apt_eqgrp.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_eternalblue_non_wannacry.yar
|
fix: all non-ascii characters
|
2020-11-24 09:55:53 +01:00 |
|
apt_exile_rat.yar
|
ExileRAT
|
2019-02-04 20:44:06 +01:00 |
|
apt_f5_bigip_expl_payloads.yar
|
F5 BIG-IP exploitation payloads
|
2020-07-08 15:48:54 +02:00 |
|
apt_fakem_backdoor.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fancybear_computrace_agent.yar
|
false positives and renamed rule
|
2019-08-27 12:19:05 +02:00 |
|
apt_fancybear_dnc.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fancybear_osxagent.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fidelis_phishing_plain_sight.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fin7_backdoor.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fin7.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_flame2_orchestrator.yar
|
fix: deactivate rule due to missing support for md5()
|
2019-04-10 11:12:21 +02:00 |
|
apt_foudre.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_four_element_sword.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_freemilk.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_furtim.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fvey_shadowbroker_dec16.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_fvey_shadowbroker_jan17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ghostdragon_gh0st_rat.yar
|
fix: all non-ascii characters
|
2020-11-24 09:55:53 +01:00 |
|
apt_glassRAT.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_golddragon.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_goldenspy.yar
|
fix: GoldenSpy rule
|
2020-08-25 12:32:02 +02:00 |
|
apt_greenbug.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_greyenergy.yar
|
Grey Energy
|
2018-10-22 00:40:07 +02:00 |
|
apt_grizzlybear_uscert.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_hackingteam_rules.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ham_tofu_chches.yar
|
False Positives
|
2017-03-28 08:32:20 +02:00 |
|
apt_hatman.yar
|
fix: reworked fucked up hatman rules
|
2019-09-25 16:37:39 +02:00 |
|
apt_hellsing_kaspersky.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_hidden_cobra.yar
|
APT NK HiddenCobra HOPLIGHT
|
2019-04-14 18:07:07 +02:00 |
|
apt_hiddencobra_bankshot.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_hiddencobra_wiper.yar
|
Hidden Cobra Wiper
|
2018-03-28 19:57:12 +02:00 |
|
apt_hizor_rat.yar
|
Fix uint32*() patterns that can't return values > 2^32-1
|
2020-06-25 22:01:15 +02:00 |
|
apt_hkdoor.yar
|
Replaced non-ASCII character
|
2017-10-19 01:17:59 +02:00 |
|
apt_iamtheking.yar
|
rule: SLOTHFULMEDIA malware rule
|
2020-10-02 09:16:14 +02:00 |
|
apt_icefog.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_indetectables_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_industroyer.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_inocnation.yar
|
Fix uint32*() patterns that can't return values > 2^32-1
|
2020-06-25 22:01:15 +02:00 |
|
apt_irongate.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_irontiger_trendmicro.yar
|
FP reduction
|
2019-08-29 11:57:27 +02:00 |
|
apt_irontiger.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ism_rat.yar
|
ISMRAT
|
2017-05-04 12:22:58 +02:00 |
|
apt_kaspersky_duqu2.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_ke3chang.yar
|
Ke3chang rules
|
2020-06-18 20:16:53 +02:00 |
|
apt_keyboys.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_keylogger_cn.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_khrat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_korplug_fast.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_kwampirs.yar
|
Kwampirs malware
|
2018-04-24 11:29:01 +02:00 |
|
apt_laudanum_webshells.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_lazarus_applejeus.yar
|
Fixed error in RC4 keys list
|
2018-08-26 20:16:40 +02:00 |
|
apt_lazarus_aug20.yar
|
fix: FPs and fixes
|
2020-11-06 12:44:26 +01:00 |
|
apt_lazarus_dec17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_lazarus_dec20.yar
|
fix: Lazarus rule non-ascii chars in comment
|
2020-12-18 16:23:54 +01:00 |
|
apt_lazarus_jun18.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_lazarus_vhd_ransomware.yar
|
rule: Lazarus VHD Ransomware
|
2020-10-05 11:10:54 +02:00 |
|
apt_leviathan.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_lotusblossom_elise.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_magichound.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_microcin.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_middle_east_talosreport.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_miniasp.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_minidionis.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_mofang.yar
|
FoxIT Mofang IOCs and YARA Rules
|
2016-06-15 18:58:10 +02:00 |
|
apt_molerats_jul17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_monsoon.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_moonlightmaze.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_ms_platinum.yara
|
Microsoft Platinum YARA Rules
|
2016-04-27 13:36:39 +02:00 |
|
apt_muddywater.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_naikon.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_nanocore_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_nazar.yar
|
APT Nazar by @_CPResearch_
|
2020-05-05 19:47:35 +02:00 |
|
apt_ncsc_report_04_2018.yar
|
Rule improvements
|
2018-04-11 23:51:43 +02:00 |
|
apt_netwire_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_nk_gen.yar
|
Improved NK CyberAgent rule
|
2019-11-06 20:41:04 +01:00 |
|
apt_oilrig_chafer_mar18.yar
|
OilRig / Chafer YARA Rules
|
2018-03-23 08:43:43 +01:00 |
|
apt_oilrig_oct17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_oilrig_rgdoor.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_oilrig.yar
|
APT34 / OilRig PowerShell malware
|
2019-04-17 13:52:03 +02:00 |
|
apt_olympic_destroyer.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_onhat_proxy.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_op_cleaver.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_op_cloudhopper.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_op_honeybee.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_op_shadowhammer.yar
|
Operation ShadowHammer YARA rule
|
2019-03-25 18:37:42 +01:00 |
|
apt_op_wocao.yar
|
Operation Wocao
|
2019-12-20 15:27:41 +01:00 |
|
apt_passcv.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_passthehashtoolkit.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_patchwork.yar
|
rule improvements
|
2019-09-25 10:33:35 +02:00 |
|
apt_plead_downloader.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_plugx.yar
|
PlugX Signature by Jay DiMartino
|
2016-08-17 13:20:52 +02:00 |
|
apt_poisonivy_gen3.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_poisonivy.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_poseidon_group.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_poshspy.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_prikormka.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_project_m.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_project_sauron_extras.yar
|
False Positive Reduction
|
2019-02-19 23:46:28 +01:00 |
|
apt_project_sauron.yara
|
Project Sauron
|
2016-08-08 17:11:20 +02:00 |
|
apt_promethium_neodymium.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_putterpanda.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_quarkspwdump.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_quasar_rat.yar
|
Quasar RAT new rule
|
2019-05-28 09:49:22 +02:00 |
|
apt_quasar_vermin.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_rancor.yar
|
YARA rule description cleanup
|
2018-12-28 12:38:31 +01:00 |
|
apt_reaver_sunorcal.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_rehashed_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_revenge_rat.yar
|
fix: FPs with RevengeRAT_Sep17
|
2020-07-27 11:27:21 +02:00 |
|
apt_rocketkitten_keylogger.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_rokrat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_royalroad.yar
|
APT RoyalRoad RTF signatures
|
2020-01-21 18:07:18 +01:00 |
|
apt_ruag.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_rwmc_powershell_creddump.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sakula.yar
|
Turla Rules - RUAG APT
|
2016-06-13 10:41:59 +02:00 |
|
apt_sandworm_exim_expl.yar
|
more Sandworm rules
|
2020-05-28 21:11:08 +02:00 |
|
apt_saudi_aramco_phish.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_scanbox_deeppanda.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_scarcruft.yar
|
Scracruft APT malware
|
2018-02-05 10:22:40 +01:00 |
|
apt_seaduke_unit42.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_sednit_delphidownloader.yar
|
False Positive Reduction
|
2019-01-17 13:12:39 +01:00 |
|
apt_servantshell.yar
|
Servant Shell
|
2017-02-07 10:37:26 +01:00 |
|
apt_shadowpad.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_shamoon2.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_shamoon.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_shellcrew_streamex.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_sidewinder.yar
|
Sidewinder rule by Arkbird
|
2020-08-25 12:06:48 +02:00 |
|
apt_silence.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_skeletonkey.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_slingshot.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_snaketurla_osx.yar
|
fix: dysfunctional rule
|
2020-12-30 09:40:31 +01:00 |
|
apt_snowglobe_babar.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_sofacy_cannon.yar
|
APT28 Cannon Trojan
|
2018-11-21 21:29:31 +01:00 |
|
apt_sofacy_dec15.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sofacy_fysbis.yar
|
Remove stray Naikon reference
|
2019-04-09 14:35:39 -04:00 |
|
apt_sofacy_hospitality.yar
|
Missing "pe" module import in APT28 rule
|
2017-10-31 11:29:48 +01:00 |
|
apt_sofacy_jun16.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sofacy_oct17_camp.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sofacy_xtunnel_bundestag.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sofacy_zebrocy.yar
|
APT28 Zebrocy Golang Loader by @VK_Intel
|
2019-01-02 09:19:09 +01:00 |
|
apt_sofacy.yar
|
Sofacy Indicators
|
2019-05-19 09:59:44 +02:00 |
|
apt_solarwinds_sunburst.yar
|
SUNBURST comment
|
2020-12-15 17:02:30 +01:00 |
|
apt_solarwinds_susp_sunburst.yar
|
SUNBURST web shell access in logs
|
2020-12-21 11:52:19 +01:00 |
|
apt_sphinx_moth.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_stonedrill.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_strider.yara
|
Symantec Strider IOCs and YARA Rules
|
2016-08-10 09:33:54 +02:00 |
|
apt_stuxnet.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_stuxshop.yar
|
Duqu 1_5, Flame2 Orchestrator, Stuxshop YARA
|
2019-04-09 08:47:58 +02:00 |
|
apt_suckfly.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_sysscan.yar
|
SysScan Rules by Kaspersky
|
2016-07-02 19:32:36 +02:00 |
|
apt_ta17_293A.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_ta17_318A.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_ta17_318B.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ta18_074A.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ta18_149A.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_ta459.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_telebots.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_terracotta_liudoor.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
apt_terracotta.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_threatgroup_3390.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_thrip.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_tick_datper.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_tick_weaponized_usb.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_tidepool.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_tophat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_triton_mal_sshdoor.yar
|
fix: bugfix in SSHDoor rule - missing "and"
|
2018-12-05 21:03:24 +01:00 |
|
apt_triton.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_turbo_campaign.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_turla_gazer.yar
|
APT Turla Gazer
|
2017-09-02 08:26:07 +02:00 |
|
apt_turla_kazuar.yar
|
Turla Kazuar
|
2020-05-28 17:28:59 +02:00 |
|
apt_turla_mosquito.yar
|
False Positive Reduction
|
2018-10-10 16:30:08 +02:00 |
|
apt_turla_neuron.yar
|
changed Neuron2 loader rule
|
2019-10-21 16:48:14 +02:00 |
|
apt_turla_penquin.yar
|
APT Turla Penquin by Leonardo S.p.A.
|
2020-05-14 13:47:54 +02:00 |
|
apt_turla_png_dropper_nov18.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_turla.yar
|
APT Turla Linux Malware
|
2020-04-05 20:36:10 +02:00 |
|
apt_uboat_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_unit78020_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_uscert_ta17-1117a.yar
|
fix: moved lsadump rule from general rules to the ext vars file
|
2019-01-19 12:22:32 +01:00 |
|
apt_venom_linux_rootkit.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_volatile_cedar.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_vpnfilter.yar
|
YARA rule description cleanup
|
2018-12-28 12:38:31 +01:00 |
|
apt_waterbear.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_waterbug.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_webmonitor_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_webshell_chinachopper.yar
|
add missing period in Request.Item
|
2019-07-25 19:33:41 -04:00 |
|
apt_wildneutron.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
apt_wilted_tulip.yar
|
fix: FP with Wilted Tulip rule
|
2019-10-13 13:38:04 +02:00 |
|
apt_win_plugx.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_winnti_br.yar
|
Winnti BR report
|
2019-07-25 15:11:26 +02:00 |
|
apt_winnti_burning_umbrella.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
apt_winnti_hdroot.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_winnti_linux.yar
|
APT Winnti Linux
|
2019-05-15 20:12:56 +02:00 |
|
apt_winnti_ms_report_201701.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_winnti.yar
|
CarbonBlack Winnti rules
|
2020-02-25 09:36:55 +01:00 |
|
apt_woolengoldfish.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_xrat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
apt_zxshell.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
cn_pentestset_scripts.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
cn_pentestset_tools.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
cn_pentestset_webshells.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_academic_data_centers_camp_may20.yar
|
Attacks on Academic Data Centers
|
2020-05-16 13:56:46 +02:00 |
|
crime_andromeda_jun17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_antifw_installrex.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_atm_dispenserxfs.yar
|
ATM malware dispenserXFS
|
2019-02-28 13:17:16 +01:00 |
|
crime_atm_javadipcash.yar
|
ATM Malware JavaDispCache by Frank Boldewin
|
2019-03-28 14:25:44 +01:00 |
|
crime_atm_loup.yar
|
rule: atm malware lou
|
2020-08-17 16:54:57 +02:00 |
|
crime_atm_xfsadm.yar
|
ATM malware rule
|
2019-07-17 22:10:59 +02:00 |
|
crime_atm_xfscashncr.yar
|
ATM malware XFSCashNCR by Frank Boldewin
|
2019-08-29 12:27:34 +02:00 |
|
crime_bad_patch.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_badrabbit.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
crime_bazarbackdoor.yar
|
rule: BazarBackdoor by @VK_Intel
|
2020-04-25 13:59:51 +02:00 |
|
crime_bernhard_pos.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
crime_bluenoroff_pos.yar
|
BluenoroffPoS DLL
|
2018-06-08 21:12:24 +02:00 |
|
crime_buzus_softpulse.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_cmstar.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
crime_cn_campaign_njrat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_cn_group_btc.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_cobalt_gang_pdf.yar
|
Cobalt Gang Rule by PaloAltoNetwroks
|
2018-10-30 09:17:04 +01:00 |
|
crime_cobaltgang.yar
|
fix: fixed rule name
|
2019-10-24 17:52:07 +02:00 |
|
crime_corkow_dll.yar
|
refactor: date cleanup
|
2019-07-21 12:04:41 +02:00 |
|
crime_covid_ransom.yar
|
Ransom COVID themed
|
2020-04-15 21:25:44 +02:00 |
|
crime_credstealer_generic.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_crypto_miner.yar
|
CryptoMiners January 2020
|
2021-01-04 16:55:55 +01:00 |
|
crime_cryptowall_svg.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_dexter_trojan.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_dridex_xml.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
crime_emotet.yar
|
New Emotet rule
|
2020-01-29 15:06:06 +01:00 |
|
crime_enfal.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
crime_envrial.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_eternalrocks.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_evilcorp_dridex_banker.yar
|
EvilCorp Dridex Banker
|
2020-04-06 09:33:51 +02:00 |
|
crime_fareit.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_fireball.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_floxif_flystudio.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_goldeneye.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
crime_gozi_crypter.yar
|
GoziCrypter by James Quinn
|
2020-12-02 09:36:28 +01:00 |
|
crime_guloader.yar
|
GuLoader by @VK_Intel
|
2020-05-04 11:27:35 +02:00 |
|
crime_h2miner_kinsing.yar
|
Create crime_h2miner_kinsing.yar
|
2020-08-31 09:15:53 -05:00 |
|
crime_hermes_ransom.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
crime_kasper_oct17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_kins_dropper.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
crime_kr_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_kraken_bot1.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_kriskynote.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_locky.yar
|
Locky Ransomware
|
2016-02-17 18:03:58 +01:00 |
|
crime_loki_bot.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_mal_grandcrab.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_mal_nitol.yar
|
Nitol Malware
|
2019-01-14 11:20:18 +01:00 |
|
crime_mal_ransom_wadharma.yar
|
Ransomware Wadhrama
|
2019-04-07 20:20:11 +02:00 |
|
crime_malumpos.yar
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
crime_malware_generic.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_malware_set_oct16.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_maze_ransomware.yar
|
rule: Maze Ransomware by @VK_Intel
|
2020-04-20 11:12:50 +02:00 |
|
crime_mikey_trojan.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_mirai.yar
|
New Mirai Sig
|
2019-11-14 08:37:41 +01:00 |
|
crime_mywscript_dropper.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_nansh0u.yar
|
fix: HIGHVOL markers
|
2020-10-10 18:42:54 +02:00 |
|
crime_nkminer.yar
|
North Korean Crypto Miner (by Chris Doman and me)
|
2018-01-10 08:36:13 +01:00 |
|
crime_nopetya_jun17.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_ole_loadswf_cve_2018_4878.yar
|
OLE LoadSwf CVE 2018-4878
|
2018-02-05 10:20:19 +01:00 |
|
crime_parallax_rat.yar
|
Parallax RAT rules by @VK_Intel
|
2020-02-25 09:37:15 +01:00 |
|
crime_phish_gina_dec15.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_ransom_generic.yar
|
Generic Ransomware Indicators
|
2020-07-30 18:54:38 +02:00 |
|
crime_ransom_germanwiper.yar
|
fix: bugfix in GermanWiper rule
|
2019-08-05 13:30:24 +02:00 |
|
crime_ransom_lockergoga.yar
|
Improved LockerGoga rule (ransom note)
|
2019-03-19 16:53:29 +01:00 |
|
crime_ransom_prolock.yar
|
ProLock ransomware rule by Frank Boldewin
|
2020-05-20 08:26:38 +02:00 |
|
crime_ransom_ragna_locker.yar
|
rule: Ragna Locker
|
2020-07-31 19:26:15 +02:00 |
|
crime_ransom_revil.yar
|
rule: ransomware REvil
|
2020-10-13 19:10:51 +02:00 |
|
crime_ransom_robinhood.yar
|
RobinHood Ransomware
|
2019-05-15 13:10:27 +02:00 |
|
crime_rat_parallax.yar
|
Parallax RAT by @VK_Intel
|
2020-05-05 19:52:40 +02:00 |
|
crime_rombertik_carbongrabber.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_ryuk_ransomware.yar
|
Ryuk Ransomware
|
2018-12-31 14:56:56 +01:00 |
|
crime_shifu_trojan.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_snarasite.yar
|
refactor: big rule cleanup - removed file hash value from desc
|
2020-07-27 11:27:38 +02:00 |
|
crime_teledoor.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_trickbot.yar
|
fix: fixed Trickbot rule set - missing pe
|
2019-10-04 16:28:05 +02:00 |
|
crime_upatre_oct15.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_wannacry.yar
|
fix: renamed rules that could probably cause duplicate name errors
|
2020-03-25 16:30:12 +01:00 |
|
crime_xbash.yar
|
Xbash
|
2018-09-20 07:38:08 +02:00 |
|
crime_zeus_panda.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
crime_zloader_maldocs.yar
|
ZLoader MalDocs
|
2020-10-10 10:07:12 +02:00 |
|
exploit_cve_2014_4076.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2015_1674.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2015_1701.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2015_2426.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2015_2545.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2015_5119.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2017_8759.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2017_9800.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2017_11882.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
exploit_cve_2018_0802.yar
|
YARA rule for CVE-2018-0802 by Rich Warren
|
2018-01-14 13:49:53 +01:00 |
|
exploit_cve_2018_16858.yar
|
Changed filename
|
2019-02-07 09:48:08 +01:00 |
|
exploit_rtf_ole2link.yar
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
exploit_shitrix.yar
|
improved shitrix rule : nocase
|
2020-01-15 09:15:12 +01:00 |
|
exploit_uac_elevators.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_ace_with_exe.yar
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
gen_anomalies_keyword_combos.yar
|
NullSoftInst FPs
|
2020-10-06 23:00:53 +02:00 |
|
gen_armitage.yar
|
fix: FPs with Armitage_MeterpreterSession_Strings on proc mem
|
2020-05-19 09:19:43 +02:00 |
|
gen_autocad_lsp_malware.yar
|
Renamed AutoCAD rule
|
2019-02-11 15:20:13 +01:00 |
|
gen_b374k_extra.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_bad_pdf.yar
|
Update gen_bad_pdf.yar
|
2019-01-10 11:28:31 +01:00 |
|
gen_case_anomalies.yar
|
False Positive Reduction
|
2019-01-17 13:12:39 +01:00 |
|
gen_cert_payloads.yar
|
False Positive Reduction
|
2018-08-21 10:58:45 +02:00 |
|
gen_chaos_payload.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_cmd_script_obfuscated.yar
|
Obfuscated Batch Script
|
2019-03-01 08:30:35 +01:00 |
|
gen_cn_hacktool_scripts.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_cn_hacktools.yar
|
Some rule adjustments
|
2019-06-02 12:17:05 +02:00 |
|
gen_cn_webshells.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_crime_bitpaymer.yar
|
rule: BitPaymer
|
2019-10-30 08:43:57 +01:00 |
|
gen_crimson_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_crunchrat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_dde_in_office_docs.yar
|
false positive reduction
|
2020-02-25 09:37:53 +01:00 |
|
gen_deviceguard_evasion.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_dropper_pdb.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_elf_file_anomalies.yar
|
Some rule adjustments
|
2019-06-02 12:17:05 +02:00 |
|
gen_empire.yar
|
rule improvements
|
2019-09-25 10:33:35 +02:00 |
|
gen_enigma_protector.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_event_mute_hook.yar
|
Event Mute Hook by SBousseaden
|
2020-09-05 17:06:05 +02:00 |
|
gen_Excel4Macro_Sharpshooter.yar
|
Update gen_Excel4Macro_Sharpshooter.yar
|
2020-04-01 12:49:19 -07:00 |
|
gen_excel_auto_open_evasion.yar
|
Create gen_excel_auto_open_evasion.yar
|
2020-09-24 12:59:53 -07:00 |
|
gen_excel_xll_addin_suspicious.yar
|
Update gen_excel_xll_addin_suspicious.yar
|
2020-11-10 05:39:54 -08:00 |
|
gen_excel_xor_obfuscation_velvetsweatshop.yar
|
refactor: slightly modified rule
|
2020-10-10 17:57:25 +02:00 |
|
gen_exploit_cve_2017_10271_weblogic.yar
|
update for VT uploads that include the POST header
|
2018-03-28 05:31:01 -07:00 |
|
gen_faked_versions.yar
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
gen_file_anomalies.yar
|
reduce score of GIF anomaly rule
|
2020-07-02 17:45:33 +02:00 |
|
gen_fireeye_redteam_tools.yar
|
fix: deactivate another rule
|
2020-12-11 17:40:42 +01:00 |
|
gen_floxif.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_gen_cactustorch.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_github_net_redteam_tools_guids.yara
|
Update gen_github_net_redteam_tools_guids.yara
|
2021-01-21 23:25:30 +01:00 |
|
gen_github_net_redteam_tools_names.yara
|
Update gen_github_net_redteam_tools_names.yara
|
2021-01-22 00:43:31 +01:00 |
|
gen_google_anomaly.yar
|
Unsigned GoogleUpdate
|
2019-08-05 15:23:55 +02:00 |
|
gen_gpp_cpassword.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_hawkeye.yar
|
New HawkEye keylogger rule
|
2018-12-12 09:24:12 +01:00 |
|
gen_hta_anomalies.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_hunting_susp_rar.yar
|
fix: hash values
|
2020-07-31 19:37:09 +02:00 |
|
gen_icon_anomalies.yar
|
Update gen_icon_anomalies.yar
|
2020-11-07 14:20:46 +01:00 |
|
gen_impacket_tools.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_invoke_mimikatz.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_invoke_psimage.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_invoke_thehash.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_javascript_powershell.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_kerberoast.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_kirbi_mimkatz.yar
|
fix: big false positive cleanup
|
2019-10-24 16:49:56 +02:00 |
|
gen_lnx_malware_indicators.yar
|
fix: FPs with Linux malware rule
|
2020-08-03 18:49:56 +02:00 |
|
gen_loaders.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_macro_builders.yar
|
fix: wrong condition in macro builder rule
|
2020-11-06 12:49:26 +01:00 |
|
gen_macro_ShellExecute_action.yar
|
Update gen_macro_ShellExecute_action.yar
|
2019-01-31 19:38:50 -08:00 |
|
gen_macro_staroffice_suspicious.yar
|
Minor changes
|
2019-02-07 18:09:34 +01:00 |
|
gen_mal_backnet.yar
|
Backnet Open Source C# backdoor
|
2018-11-09 08:27:53 +01:00 |
|
gen_mal_link.yar
|
False Positive Reduction
|
2019-01-17 13:12:39 +01:00 |
|
gen_mal_scripts.yar
|
Better MSI detection
|
2019-06-21 17:18:25 +02:00 |
|
gen_malware_MacOS_plist_suspicious.yar
|
fix: false positive reduction
|
2020-02-13 09:18:18 +01:00 |
|
gen_malware_set_qa.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_merlin_agent.yar
|
Typo in Merlin rule
|
2017-12-29 15:15:57 +01:00 |
|
gen_metasploit_loader_rsmudge.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_metasploit_payloads.yar
|
Metasploit in-memory rule
|
2020-07-03 08:39:45 +02:00 |
|
gen_mimikatz.yar
|
Mimikatz memssp module in-memory
|
2020-08-27 18:14:20 +02:00 |
|
gen_mimikittenz.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_mimipenguin.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_nopowershell.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_osx_backdoor_bella.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
gen_osx_evilosx.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
gen_osx_pyagent_persistence.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
gen_p0wnshell.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_pirpi.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powerkatz.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powershdll.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powershell_empire.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powershell_invocation.yar
|
bugfix: PowerShell_Susp_Parameter_Combo
|
2019-01-17 13:18:07 +01:00 |
|
gen_powershell_obfuscation.yar
|
PowerShell back tick obfuscation detection - improved
|
2020-06-30 09:52:26 +02:00 |
|
gen_powershell_suite.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powershell_susp.yar
|
Improved PowerShell rule
|
2020-01-29 15:52:52 +01:00 |
|
gen_powershell_toolkit.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_powersploit_dropper.yar
|
Hacktool PowerSploit Dropper
|
2018-06-24 22:44:28 +02:00 |
|
gen_ps1_shellcode.yar
|
Added David to the authors
|
2018-11-15 17:25:58 +01:00 |
|
gen_ps_empire_eval.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_ps_osiris.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_pua.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_pupy_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_python_encoded_adware
|
yara rule for encoded python payloads for adware
|
2018-03-07 08:45:57 -08:00 |
|
gen_python_pty_shell.yar
|
Renamed Python TCP reverse connect shell
|
2019-10-19 18:03:31 +02:00 |
|
gen_python_pyminifier_encoded_payload.yar
|
Update gen_python_pyminifier_encoded_payload.yar
|
2019-12-17 08:56:15 -08:00 |
|
gen_python_reverse_shell.yara
|
Minor changes: performance reasons, reference, hashes split up
|
2018-03-05 15:41:51 +01:00 |
|
gen_rar_exfil.yar
|
Rule RAR exfiltration
|
2019-12-16 18:17:20 +01:00 |
|
gen_rats_malwareconfig.yar
|
fix: false positive reduction
|
2020-01-21 18:07:30 +01:00 |
|
gen_recon_indicators.yar
|
fix: 'keywords' in filename caused processing issues
|
2020-07-08 11:46:38 +02:00 |
|
gen_redmimicry.yar
|
RedMimicry
|
2020-07-01 09:01:41 +02:00 |
|
gen_redsails.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_regsrv32_issue.yar
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
gen_rottenpotato.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_sfx_with_microsoft_copyright.yar
|
Fix: tightened the SFX rule
|
2018-09-17 08:27:58 +02:00 |
|
gen_sharpcat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_shikataganai.yar
|
Metasploit ShikataGaNai signature
|
2019-10-21 23:13:17 +02:00 |
|
gen_sign_anomalies.yar
|
OSPPSVC Signature Anomaly
|
2019-09-30 15:27:24 +02:00 |
|
gen_solarwinds_credential_stealer.yar
|
add solarwinds credential stealer + PHPs <?= to filetypes
|
2021-01-20 19:45:10 +01:00 |
|
gen_susp_bat_aux.yar
|
Suspicious BAT helper file
|
2020-12-01 08:49:02 +01:00 |
|
gen_susp_cmd_var_expansion.yar
|
Suspicious CMD Var expansion in Office Docs
|
2018-09-28 13:29:35 +02:00 |
|
gen_susp_hacktool.yar
|
InjectDLL keyword - low scoring rule
|
2019-04-28 11:44:58 +02:00 |
|
gen_susp_lnk_files.yar
|
ZIP with .doc.lnk contents
|
2019-07-02 20:29:24 +02:00 |
|
gen_susp_lnk.yar
|
Suspicious big LNK file
|
2019-02-05 09:11:16 +01:00 |
|
gen_susp_obfuscation.yar
|
fix: FPs with obfuscation rule
|
2020-06-18 20:16:02 +02:00 |
|
gen_susp_office_dropper.yar
|
Macro CHAR obfuscation by DissectMalware
|
2020-04-08 14:55:29 +02:00 |
|
gen_susp_sfx.yar
|
Suspicious SFX running wscript.exe
|
2018-09-28 13:29:43 +02:00 |
|
gen_susp_strings_in_ole.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_susp_wer_files.yar
|
docs: added reference links
|
2019-10-20 09:54:38 +02:00 |
|
gen_susp_xor.yar
|
fix: FPs in XORed URL in EXE rule
|
2020-07-20 14:07:24 +02:00 |
|
gen_suspicious_InPage_dropper.yar
|
Create gen_suspicious_InPage_dropper.yar
|
2019-07-03 07:08:49 -07:00 |
|
gen_suspicious_strings.yar
|
fix: limit rule due to in-memory FPs
|
2020-06-30 09:35:16 +02:00 |
|
gen_sysinternals_anomaly.yar
|
False Positives with SysInternals_Tool_Anomaly
|
2019-04-02 15:57:33 +02:00 |
|
gen_tempracer.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_thumbs_cloaking.yar
|
Moved all rules that use ext vars to a new rule set
|
2018-03-12 13:47:40 +01:00 |
|
gen_transformed_strings.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_tscookie_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_unicorn_obfuscated_powershell.yar
|
Performance optimization
|
2018-04-03 15:30:23 +02:00 |
|
gen_unspecified_malware.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_url_persitence.yar
|
fix: fixed duplicate rule name
|
2019-10-26 15:06:00 +02:00 |
|
gen_url_to_local_exe.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_vhd_anomaly.yar
|
Suspiciously small VHD files
|
2019-12-21 22:11:20 +01:00 |
|
gen_win_privesc.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_winpayloads.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_winshells.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_wmi_implant.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_xor_hunting.yar
|
score adjusted
|
2019-10-28 20:38:50 +01:00 |
|
gen_xtreme_rat.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
gen_ysoserial_payloads.yar
|
fix: all non-ascii characters
|
2020-11-24 09:55:53 +01:00 |
|
general_cloaking.yar
|
fix: fixed condition in cloaking rule
|
2019-12-09 13:27:52 +01:00 |
|
general_officemacros.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
generic_anomalies.yar
|
fix: FPs and fixes
|
2020-11-06 12:44:26 +01:00 |
|
generic_cryptors.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
generic_dumps.yar
|
rule: suspicious ntds.dit file in zip
|
2020-08-10 17:50:50 +02:00 |
|
generic_exe2hex_payload.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
mal_avemaria_rat.yar
|
AveMaria RAT
|
2019-07-02 20:29:33 +02:00 |
|
mal_cryp_rat.yar
|
Cryp RAT
|
2019-01-08 09:18:45 +01:00 |
|
mal_netsha.yar
|
Netsha rules
|
2020-03-25 20:37:59 +01:00 |
|
pua_cryptocoin_miner.yar
|
New Crypto Coin miner rule
|
2019-02-02 17:14:44 +01:00 |
|
pua_xmrig_monero_miner.yar
|
Moved NK miner to generic list
|
2018-12-29 09:31:57 +01:00 |
|
pup_lightftp.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
spy_equation_fiveeyes.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
spy_querty_fiveeyes.yar
|
License notice on my own rules, removed rules with unclear/problematic licensing
|
2018-08-26 12:48:01 +02:00 |
|
spy_regin_fiveeyes.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
thor_inverse_matches.yar
|
rule: Solarwinds SUNBURST config
|
2020-12-18 16:23:54 +01:00 |
|
thor-hacktools.yar
|
refactor: new file dedicated for Mimikatz + new in-memory rule
|
2020-08-10 08:34:04 +02:00 |
|
thor-webshells.yar
|
fix: webshell FP reduction
|
2020-01-09 16:29:56 +01:00 |
|
threat_lenovo_superfish.yar
|
Reworked many rules based on YARA performance guidelines
|
2019-03-02 16:02:11 +01:00 |
|
vul_cve_2020_0688.yar
|
CVE-2020-0688 Exchange static validation key
|
2020-02-26 08:17:38 +01:00 |
|
vul_cve_2020_1938.yar
|
CVE-2020-1938
|
2020-02-28 23:43:30 +01:00 |
|
vul_drivecrypt.yar
|
Renamed DriveCrypt rule
|
2018-11-09 08:28:21 +01:00 |
|
vul_jquery_fileupload_cve_2018_9206.yar
|
jQuery File Upload Vulnerability
|
2018-10-19 09:07:37 +02:00 |
|
yara_mixed_ext_vars.yar
|
False Positive Reduction
|
2019-12-09 08:53:51 +01:00 |
