Saturday, December 10, 2022

Yara rules collection

Quite a while ago, I've published some of my private Yara rules online, on Github.

They can be found here:

https://github.com/bartblaze/Yara-rules

There's two workflows running on that Github repository:

  • YARA-CI: runs automatically to detect signature errors, as well as false positives and negatives.
  • Package Yara rules: allows download of a complete rules file (all Yara rules from this repo in one file) for convenience from the Actions tab > Artifacts (see image below).

image

The Yara rules are divided into:

  • APT
  • Crimeware
  • Generic
  • Hacktools
  • Ransomware

Furthermore, the rules can work natively with AssemblyLine due to the CCCS Yara rule standard adoption.

PR's are welcome where you see fit.