Quite a while ago, I've published some of my private Yara rules online, on Github.
They can be found here:
https://github.com/bartblaze/Yara-rules
There's two workflows running on that Github repository:
- YARA-CI: runs automatically to detect signature errors, as well as false positives and negatives.
- Package Yara rules: allows download of a complete rules file (all Yara rules from this repo in one file) for convenience from the Actions tab > Artifacts (see image below).
The Yara rules are divided into:
- APT
- Crimeware
- Generic
- Hacktools
- Ransomware
Furthermore, the rules can work natively with AssemblyLine due to the CCCS Yara rule standard adoption.
PR's are welcome where you see fit.
No comments:
Post a Comment