Most of these rules can be found on GitHub: https://github.com/droberson/yararules
100 Days of YARA – Day 1: Basics
100 Days of YARA – Day 2: Identifying PE files and Measuring Speed of Rules
100 Days of YARA – Day 3: ELF Files
100 Days of YARA – Day 4: Identifying Mach-O Files and Java Classes
100 Days of YARA – Day 5: Shell Scripts Two Ways!
100 Days of YARA – Day 7: SHA256
100 Days of YARA – Day 8: Salsa20
100 Days of YARA – Day 9: Berkeley Sockets
100 Days of YARA – Day 10: WinSock
100 Days of YARA – Day 11: UPX
100 Days of YARA – Day 12: Neshta
100 Days of YARA – Day 13: Quasar RAT
100 Days of YARA – Day 14: shc Generic Shell Script Compiler
100 Days of YARA – Day 15: njrat
Pingback: 100 Days of YARA – Day 1: Basics – DMFR SECURITY
Pingback: 100 Days of YARA – Day 2: Identifying PE files and Measuring Speed of Rules – DMFR SECURITY
Pingback: 100 Days of YARA – Day 3: ELF Files – DMFR SECURITY
Pingback: 100 Days of YARA – Day 4: Identifying Mach-O Files and Java Classes – DMFR SECURITY
Pingback: 100 Days of YARA – Day 5: Shell Scripts Two Ways! – DMFR SECURITY
Pingback: 100 Days of YARA – Day 6: MD5 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 7: SHA256 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 8: Salsa20 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 9: Berkeley Sockets – DMFR SECURITY
Pingback: 100 Days of YARA – Day 10: WinSock – DMFR SECURITY
Pingback: 100 Days of YARA – Day 11: UPX – DMFR SECURITY
Pingback: 100 Days of YARA – Day 12: Neshta – DMFR SECURITY
Pingback: 100 Days of YARA – Day 13: Quasar RAT – DMFR SECURITY
Pingback: 100 Days of YARA – Day 14: shc Generic Shell Script Compiler – DMFR SECURITY
Pingback: 100 Days of YARA – Day 15: njrat – DMFR SECURITY
Pingback: 100 Days of YARA – Day 19: Identifying Golang Binaries – DMFR SECURITY
Pingback: 100 Days of YARA – Day 20: xmrig – DMFR SECURITY
Pingback: 100 Days of YARA – Day 21: DCRat – DMFR SECURITY
Pingback: 100 Days of YARA – Day 22: Parent Process ID Spoofing – DMFR SECURITY
Pingback: 100 Days of YARA – Day 23: socat – DMFR SECURITY
Pingback: 100 Days of YARA – Day 24: Run Keys – DMFR SECURITY
Pingback: 100 Days of YARA – Day 25: Hive Ransomware Obfuscated Strings – DMFR SECURITY
Pingback: 100 Days of YARA – Day 26: Merlin C2 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 27: LOKI2 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 28: pyinstaller – DMFR SECURITY
Pingback: 100 Days of YARA – Day 29: MysterySnail – DMFR SECURITY
Pingback: 100 Days of YARA – Day 30: CRC32 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 31: PDB Paths – DMFR SECURITY
Pingback: 100 Days of YARA – Day 32: Base64 Alphabet – DMFR SECURITY
Pingback: 100 Days of YARA – Day 33: Murmur Hash – DMFR SECURITY
Pingback: 100 Days of YARA – Day 34: TinyMet – DMFR SECURITY
Pingback: 100 Days of YARA – Day 35: nanomet – DMFR SECURITY
Pingback: 100 Days of YARA – Day 36: Sliver Adversary Emulation Framework – DMFR SECURITY
Pingback: 100 Days of YARA – Day 37: PRISM – DMFR SECURITY
Pingback: 100 Days of YARA – Day 38: pupy – DMFR SECURITY
Pingback: 100 Days of YARA – Day 39: SilentMoon – DMFR SECURITY
Pingback: 100 Days of YARA – Day 40: masscan – DMFR SECURITY
Pingback: 100 Days of YARA – Day 41: nmap – DMFR SECURITY
Pingback: 100 Days of YARA – Day 42: ptrace – DMFR SECURITY
Pingback: 100 Days of YARA – Day 43: EfsPotato – DMFR SECURITY
Pingback: 100 Days of YARA – Day 44: NirSoft LSA Secrets View – DMFR SECURITY
Pingback: 100 Days of YARA – Day 45: Generic NirSoft Tools – DMFR SECURITY
Pingback: 100 Days of YARA – Day 46: NirSoft MailPassView – DMFR SECURITY
Pingback: 100 Days of YARA – Day 49: RC4 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 50: libprocesshider – DMFR SECURITY
Pingback: 100 Days of YARA – Day 51: bdvl – DMFR SECURITY
Pingback: 100 Days of YARA – Day 52: Golang ssh package – DMFR SECURITY
Pingback: 100 Days of YARA – Day 53: AutoIt 3 – DMFR SECURITY
Pingback: 100 Days of YARA – Day 54: Golang protobufs – DMFR SECURITY
Pingback: 100 Days of YARA – Day 55: BlisterLoader – DMFR SECURITY