ConventionEngine

Free

ConventionEngine is a collection of YARA rules that look for PE files whose PDB paths contain unique, unusual, or overtly malicious-looking keywords, terms, or other features. For further reading on the context, see the @FireEye blog series on the subject.

Keywords: string words used by malware developers to organize files, folders and code projects, often describing the functionality of the malware.
Terms: string words that show up in paths as a result of operating system, software, or user behavior, often indicating that the developer is riding solo or that the code project is not being developed for an "enterprise" software product.
Anomalies: other things that are less common but are suspicious or indicative of various behaviors.

See also: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/definitive_dossier_pdb_yara_appendix.pdf

ALTERNATIVES

A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.

Interactive incremental disassembler with data/control flow analysis capabilities.

Powerful debugging tool with extensive features and extensions for memory dump analysis and crash dump analysis.

A tool that generates pseudo-malicious files to trigger YARA rules.

Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.

A collection of YARA rules for public use, built from intelligence profiles and file work.

Repository of YARA rules for Trellix ATR blog posts and investigations.

Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.