GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → reversinglabs → Reversinglabs Yara Rules

reversinglabs / Reversinglabs Yara Rules

Licence: mit
ReversingLabs YARA Rules

Labels

reverse-engineeringyaramalware-detection

Projects that are alternatives of or similar to Reversinglabs Yara Rules

Drsemu
DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
Stars: ✭ 237 (-15.36%)
Mutual labels:  malware-detection, reverse-engineering
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+256.79%)
Mutual labels:  yara, malware-detection
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+1.79%)
Mutual labels:  yara, reverse-engineering
Nauz File Detector
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Stars: ✭ 146 (-47.86%)
Mutual labels:  malware-detection, reverse-engineering
Lw Yara
Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Stars: ✭ 78 (-72.14%)
Mutual labels:  yara, malware-detection
Apkfile
Android app analysis and feature extraction library
Stars: ✭ 190 (-32.14%)
Mutual labels:  malware-detection, reverse-engineering
Die Engine
DIE engine
Stars: ✭ 648 (+131.43%)
Mutual labels:  yara, reverse-engineering
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+25.71%)
Mutual labels:  yara, malware-detection
Masc
A Web Malware Scanner
Stars: ✭ 74 (-73.57%)
Mutual labels:  yara, malware-detection
Binaryalert
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Stars: ✭ 1,125 (+301.79%)
Mutual labels:  yara, malware-detection
Apklab
Android Reverse-Engineering Workbench for VS Code
Stars: ✭ 470 (+67.86%)
Mutual labels:  malware-detection, reverse-engineering
yara
Malice Yara Plugin
Stars: ✭ 27 (-90.36%)
Mutual labels:  yara, malware-detection
Drltrace
Drltrace is a library calls tracer for Windows and Linux applications.
Stars: ✭ 282 (+0.71%)
Mutual labels:  malware-detection, reverse-engineering
Xapkdetector
APK/DEX detector for Windows, Linux and MacOS.
Stars: ✭ 208 (-25.71%)
Mutual labels:  malware-detection, reverse-engineering
Pecli
CLI tool to analyze PE files
Stars: ✭ 46 (-83.57%)
Mutual labels:  yara, reverse-engineering
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+397.86%)
Mutual labels:  yara, malware-detection
MeltingPot
A tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.
Stars: ✭ 23 (-91.79%)
Mutual labels:  yara, malware-detection
Opensteamcontroller
Steam Controller reverse engineering and customization project.
Stars: ✭ 253 (-9.64%)
Mutual labels:  reverse-engineering
Wtfjh
One-step iOS binary runtime instrumentation for the lazy ones
Stars: ✭ 265 (-5.36%)
Mutual labels:  reverse-engineering
Ghidra Cpp Class Analyzer
Ghidra C++ Class and Run Time Type Information Analyzer
Stars: ✭ 252 (-10%)
Mutual labels:  reverse-engineering
View All Similar Projects ➔

ReversingLabs YARA Rules

Welcome to the official ReversingLabs YARA rules repository! The repository will be updated continuously, as we develop rules for new threats, and after their quality has been proven through testing in our cloud and other environments.

These rules have been written by our threat analysts, for threat hunters, incident responders, security analysts, and other defenders that could benefit from deploying high-quality threat detection YARA rules in their environment.

Our detection rules, as opposed to hunting rules, need to satisfy certain criteria to be eligible for deployment, namely:

  • be as precise as possible, without losing detection quality
  • aim to provide zero false-positive detections

In order for the rules to be easy to understand and maintain, we adopted the following set of goals:

  • clearly named byte patterns
  • readable and transparent conditions
  • match unique malware functionality
  • prefer code byte patterns over strings

To ensure the quality of our rules, we continuously and extensively test them in our cloud, on over 10B (and rising) unique binaries. Rules are evaluated on every layer to detect threats within layered objects, such as packed PE files, documents, and archives, among other things.

Prerequisites

To successfully run the entire YARA rule set, you must have:

  • YARA version >= 3.2.0
  • PE and ELF modules enabled

(or any other security solution compliant with the requirements).

Deployment

To start using our rules, just clone this repository, and start experimenting on your data sets. YARA rules found in this repository can be used in various environments, and the simplest setup is to use them through the standalone YARA executable, which can be found in the official YARA repository. The rules can also be deployed in a large number of modern security solutions that offer YARA integration, such as YARA-enabled sandboxes, and other file analysis frameworks. However, to get the best results, it is advisable to use the rules through ReversingLabs’ Titanium Platform which offers native integration of these rules into its classification pipeline.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgements

Thanks go to all the people who actively participate in the development of the YARA engine - without you, these rules would not be possible. Also, we’d like to thank everyone who participates in the YARA community, because you evolve the way YARA is used, improve how rules should be written, and are what makes our work worthwhile.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].