Sophos AI YaraML Rules Repository Logo

Sophos AI YaraML Rules Repository

0
Free
Visit Website

YaraML is a tool that automatically generates Yara rules from training data by translating scikit-learn logistic regression and random forest binary classifiers into the Yara language. Give YaraML a directory of malware files and a directory of benign files of any format and it'll extract substring features, downselect your feature space, train a model, and then "compile" the model and return it as a textual Yara rule. To get a feel for what this looks like, see the logistic regression Powershell detector generated by YaraML and given below.

FEATURES

ALTERNATIVES

YARA module for supporting DCSO format bloom filters with hashlookup capabilities.

Python wrapper for the Libemu library for analyzing shellcode.

A 32-bit assembler level analyzing debugger for Microsoft Windows.

A malware/botnet analysis framework with a focus on network analysis and process comparison.

Online Java decompiler tool with support for modern Java features.

Management portal for LoKi scanner with centralized database for scanning activities.

OCaml wrapper for YARA matching engine for malware identification

Parse YARA rules into a dictionary representation.