signature-base/yara
2018-02-27 09:54:05 +01:00
apt_agent_btz.yar Activate pe.imphash() expressions in my rules 2017-10-18 21:58:30 +02:00
apt_alienspy_rat.yar False Positives 2017-05-25 11:36:50 +02:00
apt_apt6_malware.yar False Positive Reduction 2017-09-12 00:19:09 +02:00
apt_apt10.yar False Positive Reduction 2017-12-26 01:09:41 +01:00
apt_apt12_malware.yar APT12 Malware 2017-08-30 20:19:40 +02:00
apt_apt17_mal_sep17.yar APT17 Malware September 2017 2017-10-03 19:34:53 +02:00
apt_apt17_malware.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_apt19.yar APT 19 - FireEye report 2017-06-07 16:20:34 +02:00
apt_apt28.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_apt29_grizzly_steppe.yar Updated Grizzly Steppe 2017-01-02 08:10:21 +01:00
apt_apt30_backspace.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_apt34.yar APT34 rules 2017-12-08 12:19:27 +01:00
apt_backdoor_ssh_python.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_backspace.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_beepservice.yar Signature Update 2016-05-13 06:06:18 -06:00
apt_between-hk-and-burma.yar Adjusted SLServer Rule 2016-04-21 11:03:55 +02:00
apt_blackenergy_installer.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_blackenergy.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_bluetermite_emdivi.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_bronze_butler.yar Bronze Butler Daserf malware 2017-11-08 12:52:38 +01:00
apt_buckeye.yar APT Buckeye 2016-09-10 01:16:28 +02:00
apt_carbon_paper_turla.yar Carbon - Turla - rules by ESET 2017-04-01 11:56:20 +02:00
apt_casper.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_cheshirecat.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_cloudduke.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_cmstar.yar CMSTAR Malware 2017-10-03 19:35:15 +02:00
apt_cn_pp_zerot.yar CN APT Proofpoint ZeroT RAT 2017-02-05 13:26:03 +01:00
apt_codoso.yar False Positives 2016-02-29 13:46:21 +01:00
apt_coreimpact_agent.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_crash_override.yar Crash Override YARA Sigs 2017-06-12 19:49:08 +02:00
apt_cve2015_5119.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_danti_svcmondr.yar Danti and SVCMONDR Malware Rules 2016-05-25 16:14:11 -06:00
apt_darkcaracal.yar Dark Caracal Mini RAT 2018-01-23 17:06:33 +01:00
apt_deeppanda.yar Updated DeepPanda rule 2017-04-22 13:53:46 +02:00
apt_derusbi.yar Derusbi Samples 2017-03-04 14:38:20 +01:00
apt_dragonfly.yar DragonFly APT 2017-09-12 08:22:07 +02:00
apt_dubnium.yar Dubnium YARA Signatures 2016-06-10 17:03:29 +02:00
apt_duqu2.yar Bugfix in Duqu2 Rule 2016-07-02 19:35:33 +02:00
apt_emissary.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_eqgrp_apr17.yar EquationGroup FP 2017-05-03 09:01:57 +02:00
apt_eqgrp.yar False Positive Reduction 2018-02-08 22:59:08 +01:00
apt_eternalblue_non_wannacry.yar FireEye - EternalBlue Non-Wannacry attack 2017-06-04 17:00:14 +02:00
apt_fakem_backdoor.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_fancybear_dnc.yar Fancy / Cozy Bear Sigs 2016-07-02 19:32:02 +02:00
apt_fidelis_phishing_plain_sight.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_fin7_backdoor.yar FIN7 Backdoor 2017-08-07 14:32:33 +02:00
apt_foudre.yar Foudre Malware (Infy) 2017-08-02 08:43:10 +02:00
apt_four_element_sword.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_freemilk.yar FreeMilk YARA rules bugfix - thx to M. Selck 2017-10-06 23:54:13 +02:00
apt_furtim.yar Furtims Parent 2016-07-17 12:59:29 +02:00
apt_fvey_shadowbroker_dec16.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_fvey_shadowbroker_jan17.yar False Positive Reduction 2017-09-15 11:30:03 +02:00
apt_ghostdragon_gh0st_rat.yar Gh0st Dragon RAT 2016-04-27 13:36:53 +02:00
apt_glassRAT.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_golddragon.yar Gold Dragon malware 2018-02-03 18:46:02 +01:00
apt_greenbug.yar Greenbug Malware 2017-11-27 16:55:43 +01:00
apt_grizzlybear_uscert.yar Deactivated False Positives in Grizzly Steppe Rules - US CERT 2017-02-12 18:26:02 +01:00
apt_hackingteam_rules.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_ham_tofu_chches.yar False Positives 2017-03-28 08:32:20 +02:00
apt_hatman.yar Disabled global rule to avoid the application in the concatenated rule set 2017-12-19 01:37:49 +01:00
apt_hellsing_kaspersky.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_hidden_cobra.yar Hidden Cobra IOCs and YARA Sigs 2017-06-14 09:16:23 +02:00
apt_hiddencobra_bankshot.yar Hidden Cobra - BANKSHOT rules (my own and UC CERT's) 2017-12-26 21:14:26 +01:00
apt_hizor_rat.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_hkdoor.yar Replaced non-ASCII character 2017-10-19 01:17:59 +02:00
apt_indetectables_rat.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_industroyer.yar Industroyer YARA Sigs 2017-06-14 09:05:54 +02:00
apt_inocnation.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_irongate.yar False Positive - PipeList 2016-12-27 23:20:01 +01:00
apt_irontiger_trendmicro.yar False Positives 2017-04-28 10:32:36 +02:00
apt_irontiger.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_ism_rat.yar ISMRAT 2017-05-04 12:22:58 +02:00
apt_kaspersky_duqu2.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_keyboys.yar KeyBoys malware 2017-11-03 08:28:16 +01:00
apt_keylogger_cn.yar New Signatures 2016-03-09 13:40:49 +01:00
apt_khrat.yar APT Turla Gazer 2017-09-02 08:26:07 +02:00
apt_korplug_fast.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_laudanum_webshells.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_lazarus_dec17.yar Lazarus group malware 2017-12-21 15:28:16 +01:00
apt_leviathan.yar Leviathan APT - Maritime and Defense Targets 2017-10-19 09:34:07 +02:00
apt_lotusblossom_elise.yar Removed APT32 reference > Lotus Blossom 2018-01-31 23:56:02 +01:00
apt_magichound.yar Op Magic Hound YARA Signatures 2017-02-17 15:48:58 +01:00
apt_microcin.yar Microcin YARA rules 2017-09-27 16:34:34 +02:00
apt_middle_east_talosreport.yar Middle Eastern Campaign - Talos Report 2018-02-08 22:58:31 +01:00
apt_miniasp.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_minidionis.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_mofang.yar FoxIT Mofang IOCs and YARA Rules 2016-06-15 18:58:10 +02:00
apt_molerats_jul17.yar Molerats July 2017 2017-07-08 10:35:11 -06:00
apt_monsoon.yar Monsoon APT 2017-09-10 00:29:17 +02:00
apt_moonlightmaze.yar False Positive Reduction 2017-12-19 01:36:08 +01:00
apt_ms_platinum.yara Microsoft Platinum YARA Rules 2016-04-27 13:36:39 +02:00
apt_muddywater.yar MuddyWater Doc Dropper 2018-02-27 09:54:05 +01:00
apt_naikon.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_nanocore_rat.yar NanoCore RAT update 2018-02-20 20:11:09 +01:00
apt_netwire_rat.yar NetWire RAT 2018-01-05 16:17:17 +01:00
apt_oilrig_oct17.yar OilRig YARA rules derived from PaloAltoNetwork reports Sep/Oct 17 2017-10-19 09:29:59 +02:00
apt_oilrig_rgdoor.yar OilRig RGDoor 2018-01-27 16:06:15 +01:00
apt_oilrig.yar OilRig IntelSecurityManager rules by Eyal Sela 2018-01-22 08:46:37 +01:00
apt_olympic_destroyer.yar Modified Olympic Destroyer rule - made rule 1 a generic rule 2018-02-13 08:29:38 +01:00
apt_onhat_proxy.yar Signature Update 2016-05-13 06:06:18 -06:00
apt_op_cleaver.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_op_cloudhopper.yar Improved Cloud Hopper Malware Sigs 2017-04-08 12:57:20 +02:00
apt_passcv.yar PassCV YARA Rules 2016-10-21 11:44:38 +02:00
apt_passthehashtoolkit.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_plugx.yar PlugX Signature by Jay DiMartino 2016-08-17 13:20:52 +02:00
apt_poisonivy_gen3.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_poisonivy.yar Signature Update 2016-05-13 06:06:18 -06:00
apt_poseidon_group.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_poshspy.yar POSHSPY malware 2017-07-19 11:40:16 -06:00
apt_prikormka.yar Bugfix in prikormka Rules 2016-06-17 17:24:28 +02:00
apt_project_m.yar Signature Update 2016-04-01 16:51:30 +02:00
apt_project_sauron_extras.yar My Sauron Extra Rules 2016-08-10 09:34:15 +02:00
apt_project_sauron.yara Project Sauron 2016-08-08 17:11:20 +02:00
apt_promethium_neodymium.yar Promethium Neodymium YARA Rules 2016-12-27 23:23:46 +01:00
apt_putterpanda.yar Missing PE module imports, minor changes 2017-10-11 18:43:19 +02:00
apt_quarkspwdump.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_quasar_rat.yar Quasar RAT 2017-04-07 20:41:00 +02:00
apt_quasar_vermin.yar Vermin Keylogger and Quasar RAT 2018-01-30 11:08:57 +01:00
apt_reaver_sunorcal.yar Reaver and SunOrcal malware 2017-11-12 15:13:38 +01:00
apt_rehashed_rat.yar Rehashed RAT 2017-09-10 00:29:29 +02:00
apt_revenge_rat.yar Revenge RAT 2017-09-05 10:42:59 +02:00
apt_rocketkitten_keylogger.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_rokrat.yar ROKRAT Update 2017-11-29 16:04:36 +01:00
apt_ruag.yar RUAG APT Case YARA Signatures 2016-05-24 07:29:20 -06:00
apt_rwmc_powershell_creddump.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_sakula.yar Turla Rules - RUAG APT 2016-06-13 10:41:59 +02:00
apt_saudi_aramco_phish.yar Saudi Aramco Phishing campaign malware 2017-10-12 09:15:20 +02:00
apt_scanbox_deeppanda.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_scarcruft.yar Scarcruft APT malware 2018-02-05 10:22:40 +01:00
apt_seaduke_unit42.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_servantshell.yar Servant Shell 2017-02-07 10:37:26 +01:00
apt_shadowpad.yar ShadowPad new Imphash 2017-08-23 13:21:21 +02:00
apt_shamoon2.yar Shamoon 2.0 Rev1 2016-12-01 23:02:21 +01:00
apt_shamoon.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_shellcrew_streamex.yar Shell Crew StreamEx 2017-02-10 10:23:29 +01:00
apt_silence.yar Silence malware 2017-11-02 09:07:58 +01:00
apt_skeletonkey.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_snaketurla_osx.yar Update on Snake/Turla - Shell scripts 2017-05-04 11:55:50 +02:00
apt_snowglobe_babar.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_sofacy_dec15.yar False Positives 2017-05-20 10:18:37 +02:00
apt_sofacy_fysbis.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_sofacy_hospitality.yar Missing "pe" module import in APT28 rule 2017-10-31 11:29:48 +01:00
apt_sofacy_jun16.yar Sofacy Samples June 2016 2016-06-15 06:54:30 +02:00
apt_sofacy_oct17_camp.yar APT28 / Sofacy malware 2017-10-23 16:56:32 +02:00
apt_sofacy_xtunnel_bundestag.yar Signature Update 2016-05-13 06:06:18 -06:00
apt_sphinx_moth.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_stonedrill.yar Bugfix - non OpenSSL binaries 2017-03-09 18:09:15 +01:00
apt_strider.yara Symantec Strider IOCs and YARA Rules 2016-08-10 09:33:54 +02:00
apt_stuxnet.yar Stuxnet Rules 2016-07-11 19:48:03 +02:00
apt_suckfly.yar Missing import "pe" in Nidiran trojan rules 2018-01-28 17:15:17 +01:00
apt_sysscan.yar SysScan Rules by Kaspersky 2016-07-02 19:32:36 +02:00
apt_ta17_293A.yar Cleanup 2017-10-23 16:54:53 +02:00
apt_ta17_318A.yar Alert (TA17-318A) HIDDEN COBRA – FALLCHILL 2017-11-15 21:45:10 +01:00
apt_ta17_318B.yar Alert (TA17-318B) HIDDEN COBRA – Volgmer 2017-11-15 21:45:49 +01:00
apt_ta459.yar TA459 Malware 2017-06-01 19:46:36 +02:00
apt_telebots.yar Telebots YARA Rule 2016-12-27 23:23:59 +01:00
apt_terracotta_liudoor.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_terracotta.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_threatgroup_3390.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_tick_datper.yar Tick Datper 2017-08-21 17:20:01 +02:00
apt_tidepool.yar Danti and SVCMONDR Malware Rules 2016-05-25 16:14:11 -06:00
apt_tophat.yar TopHat campaign malware YARA rules 2018-01-29 09:00:09 +01:00
apt_triton.yar False Positive Reduction 2018-02-07 14:39:28 +01:00
apt_turbo_campaign.yar Derusbi ELF / Win32 Turbo Campaign 2016-02-29 20:32:42 +01:00
apt_turla_gazer.yar APT Turla Gazer 2017-09-02 08:26:07 +02:00
apt_turla_mosquito.yar Turla Mosquito YARA Sigs 2018-02-23 11:50:35 +01:00
apt_turla_neuron.yar APT Turla Neuron 2017-11-25 00:40:07 +01:00
apt_turla.yar Turla malicious JavaScript 2018-01-22 08:46:03 +01:00
apt_uboat_rat.yar UBoatRAT 2017-11-30 15:13:21 +01:00
apt_unit78020_malware.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_uscert_ta17-1117a.yar US CERT Alert TA17-117A https://goo.gl/fZhL9H 2017-04-28 11:14:52 +02:00
apt_venom_linux_rootkit.yar Venom Linux Rootkit 2017-01-14 19:38:06 +01:00
apt_volatile_cedar.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
apt_waterbear.yar Waterbear Malware 2017-06-24 08:53:52 +02:00
apt_waterbug.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_webshell_chinachopper.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_wildneutron.yar False Positive Reduction 2017-07-29 13:34:21 +02:00
apt_wilted_tulip.yar Wilted Tulip YARA Signatures 2017-07-25 15:24:20 +02:00
apt_win_plugx.yar Adjusted YARA Rule 2016-06-08 21:08:44 +02:00
apt_winnti_hdroot.yar Winnti HDRoot samples 2017-07-08 13:08:38 -06:00
apt_winnti_ms_report_201701.yar Winnti malware MS Report 2017-02-07 10:45:19 +01:00
apt_winnti.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_woolengoldfish.yar signatures > yara 2016-02-15 12:31:27 +01:00
apt_xrat.yar APT xRAT 2017-12-12 01:00:00 +01:00
apt_zxshell.yar ZXShell Update 2017-12-12 01:00:22 +01:00
cn_pentestset_scripts.yar signatures > yara 2016-02-15 12:31:27 +01:00
cn_pentestset_tools.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
cn_pentestset_webshells.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_andromeda_jun17.yar Malware / Bot / Andromeda Jun 17 2017-07-01 14:35:09 +02:00
crime_antifw_installrex.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_bad_patch.yar Bad Patch report YARA signatures 2017-10-21 16:27:18 +02:00
crime_badrabbit.yar BadRabbit ransomware 2017-10-25 08:57:00 +02:00
crime_bernhard_pos.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_buzus_softpulse.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_cmstar.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_cn_campaign_njrat.yar CN disclosed malware repo - NjRAT 2018-02-09 10:04:27 +01:00
crime_cn_group_btc.yar Crime CN Group BTC Miner and Ammyy Admin 2017-06-23 08:18:41 +02:00
crime_cobaltgang.yar Cobalt Strike CN group dropper, CobaltGang malware 2017-08-12 09:08:32 +02:00
crime_corkow_dll.yar Missing PE module imports, minor changes 2017-10-11 18:43:19 +02:00
crime_credstealer_generic.yar Generic Credential Stealer 2017-06-07 16:21:24 +02:00
crime_cryptowall_svg.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_dexter_trojan.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_dridex_xml.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_enfal.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_envrial.yar Envrial Credential Stealer 2018-01-22 08:47:09 +01:00
crime_eternalrocks.yar EternalRocks 2017-05-18 08:51:29 +02:00
crime_fareit.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_fireball.yar False Positive Reduction 2017-06-06 09:16:02 +02:00
crime_goldeneye.yar GoldenEye Ransomware 2016-12-06 17:13:12 +01:00
crime_hermes_ransom.yar FEIB Report - by BEA systems 2017-10-17 08:31:59 +02:00
crime_kasper_oct17.yar Missing "pe" module import in Kasper rule 2017-10-31 12:11:27 +01:00
crime_kins_dropper.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_kr_malware.yar Malware used in South Korean campaign 2017-08-23 13:21:56 +02:00
crime_kraken_bot1.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_kriskynote.yar Kriskynote Malware 2017-03-04 14:38:35 +01:00
crime_locky.yar Locky Ransomware 2016-02-17 18:03:58 +01:00
crime_loki_bot.yar Loki Bot and Dropper (Feb variant) 2018-02-15 17:08:01 +01:00
crime_malumpos.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_malware_generic.yar Unspecified malware sample Jan 18 2018-01-22 08:45:44 +01:00
crime_malware_set_oct16.yar Reduced false positives 2017-08-30 20:19:25 +02:00
crime_mikey_trojan.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_mirai.yar Mirai Malware Update 2017-05-12 16:49:51 +02:00
crime_mywscript_dropper.yar Improved description and added note for known false positives 2017-11-22 13:42:44 +01:00
crime_nkminer.yar North Korean Crypto Miner (by Chris Doman and me) 2018-01-10 08:36:13 +01:00
crime_nopetya_jun17.yar Added hashes to rule 2017-06-28 08:34:56 +02:00
crime_ole_loadswf_cve_2018_4878.yar OLE LoadSwf CVE 2018-4878 2018-02-05 10:20:19 +01:00
crime_phish_gina_dec15.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_rombertik_carbongrabber.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_shifu_trojan.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_snarasite.yar Missing PE module imports, minor changes 2017-10-11 18:43:19 +02:00
crime_teledoor.yar Added 3rd hash to TeleDoor backdoor rule 2017-07-05 14:00:14 -06:00
crime_upatre_oct15.yar signatures > yara 2016-02-15 12:31:27 +01:00
crime_wannacry.yar Kaspersky's lazaruswannacry rule 2017-05-15 23:24:22 +02:00
crime_zeus_panda.yar Zeus Panda 2017-08-05 14:54:13 +02:00
exploit_cve_2015_1674.yar signatures > yara 2016-02-15 12:31:27 +01:00
exploit_cve_2015_1701.yar signatures > yara 2016-02-15 12:31:27 +01:00
exploit_cve_2015_2426.yar signatures > yara 2016-02-15 12:31:27 +01:00
exploit_cve_2015_2545.yar Renamed rule 2017-07-19 19:50:26 -06:00
exploit_cve_2017_8759.yar Improved CVE 2017 8759 rule 2017-11-28 10:56:48 +01:00
exploit_cve_2017_9800.yar CVE-2017-9800 exploit 2017-08-11 14:03:24 +02:00
exploit_cve_2017_11882.yar New CVE-2017-11882 detection rule 2018-02-14 08:51:45 +01:00
exploit_cve_2018_0802.yar YARA rule for CVE-2018-0802 by Rich Warren 2018-01-14 13:49:53 +01:00
exploit_rtf_ole2link.yar False Positive Reduction 2017-10-23 16:54:34 +02:00
exploit_uac_elevators.yar Improved a suboptimal UAC elevation rule 2017-07-10 13:59:46 -06:00
gen_ace_with_exe.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_armitage.yar THOR Armitage rules sub set 2017-12-26 01:09:54 +01:00
gen_b374k_extra.yar OTX Update and b374k back connect shell 2016-08-26 21:43:11 +02:00
gen_case_anomalies.yar Wscript.Shell rule false positive reduction 2018-02-20 20:12:00 +01:00
gen_chaos_payload.yar CHAOS Payload 2017-08-18 00:58:33 +02:00
gen_cn_hacktool_scripts.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_cn_hacktools.yar False Positive 'Tools_termsrv' 2017-08-31 22:19:14 +02:00
gen_cn_webshells.yar Remove False Positive Rules 2017-02-10 10:40:52 +01:00
gen_crunchrat.yar CrunchRAT 2017-11-04 01:57:05 +01:00
gen_dde_in_office_docs.yar Disabled DDEAUTO rule that slowed down scanning 2018-02-03 14:46:15 +01:00
gen_deviceguard_evasion.yar Device Guard Evasion 2016-08-18 08:44:27 +02:00
gen_empire.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
gen_enigma_protector.yar Enigma protected malware 2017-05-03 09:02:08 +02:00
gen_faked_versions.yar False Positives 2017-04-28 10:32:36 +02:00
gen_floxif.yar Floxif Malware 2017-04-08 12:57:47 +02:00
gen_gen_cactustorch.yar CactusTorch Rule 2017-07-31 14:52:02 +02:00
gen_gpp_cpassword.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_hawkeye.yar HawkEye keylogger variant rule 2018-02-12 18:22:30 +01:00
gen_hta_anomalies.yar Reference in HTA anomaly rules 2017-06-21 17:03:06 +02:00
gen_impacket_tools.yar Impacket Generic Rule FPs 2017-05-05 15:13:57 +02:00
gen_invoke_mimikatz.yar False Positive Reduction 2017-12-17 23:55:33 +01:00
gen_invoke_psimage.yar Invoke-PSImage 2017-12-19 16:48:16 +01:00
gen_invoke_thehash.yar Invoke-TheHash 2017-06-14 21:46:43 +02:00
gen_javascript_powershell.yar Javascript obfuscated PowerShell (droppers) 2017-03-24 14:52:26 +01:00
gen_kerberoast.yar Kerberoast 2016-05-24 07:28:42 -06:00
gen_kirbi_mimkatz.yar Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
gen_loaders.yar Activate pe.imphash() expressions in my rules 2017-10-18 21:58:30 +02:00
gen_mal_link.yar Malicious lnk file rule 2017-11-22 16:46:31 +01:00
gen_mal_scripts.yar VBS Obfuscator 2018-02-13 16:20:16 +01:00
gen_malware_set_qa.yar Remove False Positive Rules 2017-02-10 10:40:52 +01:00
gen_merlin_agent.yar Typo in Merlin rule 2017-12-29 15:15:57 +01:00
gen_metasploit_loader_rsmudge.yar Metasploit Loader by RSMudge 2016-04-21 10:31:41 +02:00
gen_metasploit_payloads.yar Removed duplicate rule StreamEx_ShellCrew 2017-02-11 11:38:12 +01:00
gen_mimikittenz.yar Mimikittenz 2016-07-20 13:30:10 +02:00
gen_mimipenguin.yar MimiPenguin Update 2017-07-08 16:32:00 -06:00
gen_nopowershell.yar No Powershell 2016-05-24 07:28:29 -06:00
gen_osx_backdoor_bella.yar OSX malware by @JohnLaTwC 2018-02-24 10:08:40 +01:00
gen_osx_evilosx.yar OSX malware by @JohnLaTwC 2018-02-24 10:08:40 +01:00
gen_osx_pyagent_persistence.yar OSX malware by @JohnLaTwC 2018-02-24 10:08:40 +01:00
gen_p0wnshell.yar P0wnShell 2017-01-15 16:30:56 +01:00
gen_pirpi.yar APT29 IOCs and Pirpi YARA Rules 2016-09-11 15:59:36 +02:00
gen_powerkatz.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_powershdll.yar PowerShdll 2017-08-21 15:03:29 +02:00
gen_powershell_empire.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_powershell_invocation.yar False Positive Reduction - apply to files only (not memory) 2017-10-18 21:58:57 +02:00
gen_powershell_obfuscation.yar PowerShell Obfuscation - 1st rule for LOKI 2017-06-23 11:29:56 +02:00
gen_powershell_suite.yar PowerShell Suite 2017-12-28 20:03:47 +01:00
gen_powershell_susp.yar WScript PowerShell Combo 2018-02-08 23:03:23 +01:00
gen_powershell_toolkit.yar PowerShell Toolkit YARA Rules 2016-09-04 18:19:57 +02:00
gen_ps_empire_eval.yar PowerShell Empire Mods Eval 2017-07-29 13:34:49 +02:00
gen_ps_osiris.yar Osiris Device Guard Bypass 2017-03-27 09:39:43 +02:00
gen_pua.yar WinDivert Driver - PUA: User mode packet capturing driver 2017-10-03 19:35:49 +02:00
gen_pupy_rat.yar Bugfix in Puppy RAT rule 2017-10-20 09:54:59 +02:00
gen_rats_malwareconfig.yar False Positive Reduction 2017-07-13 08:00:52 -06:00
gen_recon_keywords.yar avdapp.dll False Positive 2017-08-01 16:21:57 +02:00
gen_redsails.yar Hacktool RedSails 2017-10-03 19:36:17 +02:00
gen_regsrv32_issue.yar Regsvr32 issue signature 2016-04-26 10:05:17 +02:00
gen_rottenpotato.yar Rotten Potato - Avoiding False Positives 2017-02-07 17:58:44 +01:00
gen_sharpcat.yar SharpCat YARA Signature 2016-06-10 18:14:26 +02:00
gen_susp_strings_in_ole.yar Suspicious strings in OLE object - see reference for details 2018-01-24 12:40:40 +01:00
gen_suspicious_strings.yar VBS Dropper 2018-01-03 12:26:59 +01:00
gen_sysinternals_anomaly.yar SysInternals Anomalies 2016-12-09 00:20:38 +01:00
gen_tempracer.yar Signature Update 2016-04-01 16:51:30 +02:00
gen_thumbs_cloaking.yar signatures > yara 2016-02-15 12:31:27 +01:00
gen_transformed_strings.yar OTX Update and b374k back connect shell 2016-08-26 21:43:11 +02:00
gen_unspecified_malware.yar Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
gen_url_to_local_exe.yar URL file pointing to local EXE 2017-10-04 14:42:34 +02:00
gen_win_privesc.yar Signature Update 2016-06-04 17:07:38 +02:00
gen_winpayloads.yar NCCGroups WinPayloads 2017-07-13 08:02:20 -06:00
gen_winshells.yar Signature Update 2016-04-01 16:51:30 +02:00
gen_wmi_implant.yar WMI Implant PowerShell 2017-03-24 17:33:26 +01:00
gen_xtreme_rat.yar Xtreme RAT Sigs 2017-09-29 08:46:42 +02:00
gen_ysoserial_payloads.yar ysoserial payloads 2017-02-05 13:27:10 +01:00
general_cloaking.yar False Positive Reduction 2017-12-12 00:59:36 +01:00
general_officemacros.yar Malware Dropper - DOCM in PDF 2017-05-15 19:36:58 +02:00
generic_anomalies.yar Suspicious Autoit by Microsoft 2017-12-16 15:43:56 +01:00
generic_cryptors.yar signatures > yara 2016-02-15 12:31:27 +01:00
generic_dumps.yar Signature Update 2016-06-04 17:07:38 +02:00
generic_exe2hex_payload.yar signatures > yara 2016-02-15 12:31:27 +01:00
pua_cryptocoin_miner.yar Generic CryptoMiner rule 2018-01-05 16:17:38 +01:00
pua_xmrig_monero_miner.yar Xmrig XMR / Monero crypto mining software 2018-01-04 13:20:02 +01:00
pup_lightftp.yar signatures > yara 2016-02-15 12:31:27 +01:00
spy_equation_fiveeyes.yar signatures > yara 2016-02-15 12:31:27 +01:00
spy_querty_fiveeyes.yar signatures > yara 2016-02-15 12:31:27 +01:00
spy_regin_fiveeyes.yar Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
thor_inverse_matches.yar Fixed False Positive for Taskmgr on Windows XP 2018-02-02 08:55:33 +01:00
thor-hacktools.yar Bugfix in thor-hacktools.yar > missing "pe" import 2018-01-24 20:17:04 +01:00
thor-webshells.yar Typo in ALFA shell rule 2017-11-22 18:15:00 +01:00
threat_lenovo_superfish.yar signatures > yara 2016-02-15 12:31:27 +01:00