Signature-Base
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and does not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and Event Log minimize the need for additional tools or infrastructure to deploy rules or gather results. ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems. Installers ProcFilter x86/x64 Release/Debug Installers Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
Provides breach and attack simulation products for security control validation, offering three different products to meet the needs of organizations of various sizes and maturity levels.
Stay informed with Rapid7's cybersecurity blog and vulnerability news updates.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
A summary of the threat modeling posts and final thoughts on the process