
Hestat / Lw Yara

Licence: gpl-3.0
Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

Projects that are alternatives of or similar to Lw Yara

Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+1453.85%)
Mutual labels:  dfir, yara, signature
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+2742.31%)
Mutual labels:  dfir, yara, signature
Scripting
PS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-39.74%)
Mutual labels:  dfir, malware-detection
yara-rules
Yara rules written by me, for free use.
Stars: ✭ 13 (-83.33%)
Mutual labels:  dfir, yara
Binaryalert
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Stars: ✭ 1,125 (+1342.31%)
Mutual labels:  yara, malware-detection
yara-validator
Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (-52.56%)
Mutual labels:  dfir, yara
factual-rules-generator
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (-20.51%)
Mutual labels:  dfir, yara
Yobi
Yara Based Detection Engine for web browsers
Stars: ✭ 39 (-50%)
Mutual labels:  dfir, yara
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+284.62%)
Mutual labels:  dfir, yara
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+351.28%)
Mutual labels:  yara, malware-detection
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+462.82%)
Mutual labels:  dfir, yara
yara
Malice Yara Plugin
Stars: ✭ 27 (-65.38%)
Mutual labels:  yara, malware-detection
pyarascanner
A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-70.51%)
Mutual labels:  dfir, yara
minerchk
Bash script to Check for malicious Cryptomining
Stars: ✭ 36 (-53.85%)
Mutual labels:  dfir, malware-detection
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+1180.77%)
Mutual labels:  yara, malware-detection
MeltingPot
A tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.
Stars: ✭ 23 (-70.51%)
Mutual labels:  yara, malware-detection
Nauz File Detector
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Stars: ✭ 146 (+87.18%)
Mutual labels:  signature, malware-detection
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+1687.18%)
Mutual labels:  yara, malware-detection
Reversinglabs Yara Rules
ReversingLabs YARA Rules
Stars: ✭ 280 (+258.97%)
Mutual labels:  yara, malware-detection
Die Engine
DIE engine
Stars: ✭ 648 (+730.77%)
Mutual labels:  yara, signature

lw-yara

Yara ruleset based on PHP shells and other webserver malware.

I will be moving to a new role soon, which will take me away from front-line server investigations. If you would like to keep this dataset up to date, report back new malware using my scanner:

https://github.com/Hestat/blazescan

Using the following will allow you to report new malware so I can add signatures:

blazescan -R

Installation instructions

git clone https://github.com/Hestat/lw-yara.git

Scanning using ClamAV with custom rules

Example at https://laskowski-tech.com/2018/04/26/eitest-cleanup-part-2-using-clamav-and-custom-yara-rules/

clamscan -ir -l /root/scanresults.txt -d /root/lw-yara/lw-rules_index.yar -d /root/lw-yara/lw.hdb /path/to/scan/

In clamscan:

-ir reports only infected files (-i) and scans recursively (-r)

-d specifies a custom signature database; here it is given twice, once for the hash database (lw.hdb) and once for the Yara ruleset (lw-rules_index.yar)

-l writes a log of the scan to the given file

You need clamav 98 or newer to parse Yara signatures
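As an added example (not code from the lw-yara project), the POSIX shell script below post-processes the log that the -l flag writes: it lists hits per signature and cross-checks the FOUND lines against the summary's "Infected files" count, which catches a truncated log or a scan run without -i. It assumes clamscan's "<path>: <signature> FOUND" line format, in which custom YARA rules are reported as YARA.<rule>.UNOFFICIAL; the sample log is constructed and its paths and rule names are placeholders, not rules from this ruleset.

```shell
#!/bin/sh
# Post-process a clamscan log (the file given to -l above) to see what the
# lw-yara rules and the lw.hdb hash database actually hit.
# Assumption: clamscan prints one "<path>: <signature> FOUND" line per
# infected file and, at the end, a summary containing "Infected files: N".
# Custom signatures carry an .UNOFFICIAL suffix; YARA rules also get a YARA. prefix.

# Constructed sample log: the paths and signature names are placeholders,
# not real findings and not real rule names from the lw-yara ruleset.
SAMPLE_LOG='/var/www/html/uploads/img.php: YARA.example_php_shell.UNOFFICIAL FOUND
/var/www/html/cache/.sess_a1.php: YARA.example_php_shell.UNOFFICIAL FOUND
/var/www/html/inc/mailer.php: Example.Spammer.Hash.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 42
Scanned files: 1200
Infected files: 3'

# Read a log on stdin and emit "<signature><TAB><path>" for every FOUND line.
found_hits() {
    awk '/ FOUND$/ {
        sig = $(NF - 1)                     # the field just before FOUND
        path = $0
        sub(": " sig " FOUND$", "", path)   # drop ": <sig> FOUND", leaving the path
        print sig "\t" path
    }'
}

# Hits per signature, most frequent first: "<count> <signature>".
hits_per_signature() {
    found_hits | cut -f1 | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Exit 0 when the number of FOUND lines equals the summary's "Infected files"
# count. With -i only infected files are listed, so a mismatch means the log
# is truncated or came from a scan run without -i.
infected_count_matches() {
    awk '/ FOUND$/ { n++ }
         /^Infected files:/ { reported = $3 }
         END { exit (n + 0 != reported + 0) }'
}

# Usage on the constructed sample; on a real server feed the -l log instead:
#   hits_per_signature < /root/scanresults.txt
printf '%s\n' "$SAMPLE_LOG" | hits_per_signature
printf '%s\n' "$SAMPLE_LOG" | infected_count_matches && echo "FOUND lines match summary"
```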

More info here:

https://laskowski-tech.com/2018/05/17/malware-databased-custom-malware-signatures/

If you want a scanner that runs these rules, check out:

https://github.com/Hestat/blazescan
