ReversingLabs YARA Rules Logo

ReversingLabs YARA Rules

0
Free
Visit Website

Welcome to the official ReversingLabs YARA rules repository! The repository will be updated continuously, as we develop rules for new threats, and after their quality has been proven through testing in our cloud and other environments. These rules have been written by our threat analysts, for threat hunters, incident responders, security analysts, and other defenders that could benefit from deploying high-quality threat detection YARA rules in their environment. Our detection rules, as opposed to hunting rules, need to satisfy certain criteria to be eligible for deployment, namely: * be as precise as possible, without losing detection quality * aim to provide zero false-positive detections In order for the rules to be easy to understand and maintain, we adopted the following set of goals: * clearly named byte patterns * readable and transparent conditions * match unique malware functionality * prefer code byte patterns over strings To ensure the quality of our rules, we continuously and extensively test them in our cloud, on over 10B (and rising) unique binaries. Rules are evaluated on every layer to detect threats within layered objects, such as packed PE files, documents, and other types of files.

FEATURES

ALTERNATIVES

Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.

Deception based detection techniques with MITRE ATT&CK mapping and Honey Resources.

HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.

Repository for detection content with various types of rules and payloads.

A tool for creating custom detection rules from YAML input

Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.

Automated framework for collecting and processing samples from VirusTotal with YARA rule integration.

A library of Amazon S3 attack scenarios with mitigation strategies.