This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat. This is my attempt to publish signatures as numbers. Since I find the naming of threats to be confusing and misleading I am attempting to locate threats in a phase-space so that their relationships can be measured, visualized and scientifically described. Each YARA signature in this archive is organized by a prefix and a 64 bit integer. The prefix is an index into file size and file type while the suffix is a 64 bit coordinate in a multi dimensional hyper space. Within a prefix, edit distance may be used to understand how two clusters relate to each other. The Starting Problem The basis of this research and this contribution to internet security is the idea of the Starting Problem which derives itself from Turing complete machines halting problem documented by Allen Turing in 1936. The staring problem I am defining thus: Knowing if a program should be allowed to run without running the program. My solution is to run about 4% of programs and by running them infer if the other 96% should be allowed to run. Icewater is the
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
A tool for processing compiled YARA rules in IDA.
Scan folders and files for crypto patterns, hacking team malware, and malicious documents using PEID signatures.
PinCTF is a tool for using Intel's Pin Tool to instrument reverse engineering binaries and count instructions.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A strings statistics calculator for YARA rules to aid malware research.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.