Find BlisterLoader with YARA.
Tag: malware
100 Days of YARA – Day 53: AutoIt 3
Find AutoIt3-compiled binaries with YARA.
100 Days of YARA – Day 39: SilentMoon
Find Turla SilentMoon implants with YARA.
100 Days of YARA – Day 37: PRISM
Find PRISM backdoors with YARA.
100 Days of YARA – Day 34: TinyMet
Find TinyMet with YARA.
100 Days of YARA – Day 33: Murmur Hash
Detect samples implementing MurmurHash using YARA.
100 Days of YARA – Day 29: MysterySnail
Find RATs belonging to the MysterySnail group with YARA.
100 Days of YARA – Day 28: pyinstaller
Find executables bundled with pyinstaller using YARA.
100 Days of YARA – Day 26: Merlin C2
Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. This C2 software offers some unique features such as operating over the QUIC protocol and compatibility with the Mythic Framework. https://github.com/Ne0nd0g/merlin I encountered this C2 while playing Pros versus Joes CTF. rule merlin { meta: description = "https://github.com/Ne0nd0g/merlin" strings: $a = "github.com/Ne0nd0g/merlin" …
100 Days of YARA – Day 25: Hive Ransomware Obfuscated Strings
Detect the golang-based string obfuscation library implemented by Hive Ransomware with YARA.
100 Days of YARA – Day 24: Run Keys
Find samples containing registry run key pathways with YARA.
100 Days of YARA – Day 22: Parent Process ID Spoofing
Find samples that may have implemented parent process ID spoofing with YARA.