Sophos AI YaraML Rules Repository Logo

Sophos AI YaraML Rules Repository

0
Free
Visit Website

YaraML is a tool that automatically generates Yara rules from training data by translating scikit-learn logistic regression and random forest binary classifiers into the Yara language. Give YaraML a directory of malware files and a directory of benign files of any format and it'll extract substring features, downselect your feature space, train a model, and then "compile" the model and return it as a textual Yara rule. To get a feel for what this looks like, see the logistic regression Powershell detector generated by YaraML and given below.

FEATURES

ALTERNATIVES

A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.

FLARE-VM is a collection of software installation scripts for Windows systems designed for setting up and maintaining a reverse engineering environment on a virtual machine.

Management portal for LoKi scanner with centralized database for scanning activities.

IDA Pro plugin for finding crypto constants

OCaml wrapper for YARA matching engine for malware identification

A software reverse engineering framework with full-featured analysis tools and support for multiple platforms, instruction sets, and executable formats.

Java code implementing the AutoYara algorithm for automatic Yara rule generation from input samples.

Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.