Yara Rules

CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.

ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.

A tool that generates pseudo-malicious files to trigger YARA rules.

YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.

Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.

Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.

A collection of Yara rules for detecting malware evasion techniques

A repository of YARA rules for identifying and classifying malware through pattern-based detection.

A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.

A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.

A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.

AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.

Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.

A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.

Define and validate YARA rule metadata with CCCS YARA Specification.

An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.

A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.

A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.