YARA Rules Index

On By DanielIn 100 days of Yara, forensics, incident response, malware

Most of these rules can be found on GitHub: https://github.com/droberson/yararules

100 Days of YARA – Day 1: Basics

100 Days of YARA – Day 2: Identifying PE files and Measuring Speed of Rules

100 Days of YARA – Day 3: ELF Files

100 Days of YARA – Day 4: Identifying Mach-O Files and Java Classes

100 Days of YARA – Day 5: Shell Scripts Two Ways!

100 Days of YARA – Day 6: MD5

100 Days of YARA – Day 7: SHA256

100 Days of YARA – Day 8: Salsa20

100 Days of YARA – Day 9: Berkeley Sockets

100 Days of YARA – Day 10: WinSock

100 Days of YARA – Day 11: UPX

100 Days of YARA – Day 12: Neshta

100 Days of YARA – Day 13: Quasar RAT

100 Days of YARA – Day 14: shc Generic Shell Script Compiler

100 Days of YARA – Day 15: njrat

100 Days of YARA – Day 16: Public Services

100 Days of YARA – Day 17: BlackCat Ransomware

50 thoughts on “YARA Rules Index

  1. Pingback: 100 Days of YARA – Day 1: Basics – DMFR SECURITY

  2. Pingback: 100 Days of YARA – Day 2: Identifying PE files and Measuring Speed of Rules – DMFR SECURITY

  3. Pingback: 100 Days of YARA – Day 3: ELF Files – DMFR SECURITY

  4. Pingback: 100 Days of YARA – Day 4: Identifying Mach-O Files and Java Classes – DMFR SECURITY

  5. Pingback: 100 Days of YARA – Day 5: Shell Scripts Two Ways! – DMFR SECURITY

  6. Pingback: 100 Days of YARA – Day 6: MD5 – DMFR SECURITY

  7. Pingback: 100 Days of YARA – Day 7: SHA256 – DMFR SECURITY

  8. Pingback: 100 Days of YARA – Day 8: Salsa20 – DMFR SECURITY

  9. Pingback: 100 Days of YARA – Day 9: Berkeley Sockets – DMFR SECURITY

  10. Pingback: 100 Days of YARA – Day 10: WinSock – DMFR SECURITY

  11. Pingback: 100 Days of YARA – Day 11: UPX – DMFR SECURITY

  12. Pingback: 100 Days of YARA – Day 12: Neshta – DMFR SECURITY

  13. Pingback: 100 Days of YARA – Day 13: Quasar RAT – DMFR SECURITY

  14. Pingback: 100 Days of YARA – Day 14: shc Generic Shell Script Compiler – DMFR SECURITY

  15. Pingback: 100 Days of YARA – Day 15: njrat – DMFR SECURITY

  16. Pingback: 100 Days of YARA – Day 19: Identifying Golang Binaries – DMFR SECURITY

  17. Pingback: 100 Days of YARA – Day 20: xmrig – DMFR SECURITY

  18. Pingback: 100 Days of YARA – Day 21: DCRat – DMFR SECURITY

  19. Pingback: 100 Days of YARA – Day 22: Parent Process ID Spoofing – DMFR SECURITY

  20. Pingback: 100 Days of YARA – Day 23: socat – DMFR SECURITY

  21. Pingback: 100 Days of YARA – Day 24: Run Keys – DMFR SECURITY

  22. Pingback: 100 Days of YARA – Day 25: Hive Ransomware Obfuscated Strings – DMFR SECURITY

  23. Pingback: 100 Days of YARA – Day 26: Merlin C2 – DMFR SECURITY

  24. Pingback: 100 Days of YARA – Day 27: LOKI2 – DMFR SECURITY

  25. Pingback: 100 Days of YARA – Day 28: pyinstaller – DMFR SECURITY

  26. Pingback: 100 Days of YARA – Day 29: MysterySnail – DMFR SECURITY

  27. Pingback: 100 Days of YARA – Day 30: CRC32 – DMFR SECURITY

  28. Pingback: 100 Days of YARA – Day 31: PDB Paths – DMFR SECURITY

  29. Pingback: 100 Days of YARA – Day 32: Base64 Alphabet – DMFR SECURITY

  30. Pingback: 100 Days of YARA – Day 33: Murmur Hash – DMFR SECURITY

  31. Pingback: 100 Days of YARA – Day 34: TinyMet – DMFR SECURITY

  32. Pingback: 100 Days of YARA – Day 35: nanomet – DMFR SECURITY

  33. Pingback: 100 Days of YARA – Day 36: Sliver Adversary Emulation Framework – DMFR SECURITY

  34. Pingback: 100 Days of YARA – Day 37: PRISM – DMFR SECURITY

  35. Pingback: 100 Days of YARA – Day 38: pupy – DMFR SECURITY

  36. Pingback: 100 Days of YARA – Day 39: SilentMoon – DMFR SECURITY

  37. Pingback: 100 Days of YARA – Day 40: masscan – DMFR SECURITY

  38. Pingback: 100 Days of YARA – Day 41: nmap – DMFR SECURITY

  39. Pingback: 100 Days of YARA – Day 42: ptrace – DMFR SECURITY

  40. Pingback: 100 Days of YARA – Day 43: EfsPotato – DMFR SECURITY

  41. Pingback: 100 Days of YARA – Day 44: NirSoft LSA Secrets View – DMFR SECURITY

  42. Pingback: 100 Days of YARA – Day 45: Generic NirSoft Tools – DMFR SECURITY

  43. Pingback: 100 Days of YARA – Day 46: NirSoft MailPassView – DMFR SECURITY

  44. Pingback: 100 Days of YARA – Day 49: RC4 – DMFR SECURITY

  45. Pingback: 100 Days of YARA – Day 50: libprocesshider – DMFR SECURITY

  46. Pingback: 100 Days of YARA – Day 51: bdvl – DMFR SECURITY

  47. Pingback: 100 Days of YARA – Day 52: Golang ssh package – DMFR SECURITY

  48. Pingback: 100 Days of YARA – Day 53: AutoIt 3 – DMFR SECURITY

  49. Pingback: 100 Days of YARA – Day 54: Golang protobufs – DMFR SECURITY

  50. Pingback: 100 Days of YARA – Day 55: BlisterLoader – DMFR SECURITY

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s