A repository containing Yara signatures developed by Citizen Lab for detecting malware used in targeted attacks against civil society organizations. The signatures are created based on research conducted by Citizen Lab into cyber threats targeting NGOs, activists, journalists, and other civil society groups. These Yara rules enable security researchers and analysts to identify specific malware families and variants that have been observed in campaigns against these organizations. The repository serves as a resource for the cybersecurity community to detect and analyze threats commonly used in targeted surveillance and espionage operations. The signatures are made available under a Creative Commons Attribution 4.0 International License, allowing for broad use and distribution. Additional context and indicators of compromise related to these signatures can be found in Citizen Lab's separate IOC repository, providing comprehensive threat intelligence for researchers investigating attacks on civil society.