
Sophos AI YaraML Rules Repository

Free

YaraML is a tool that automatically generates Yara rules from training data by translating scikit-learn logistic regression and random forest binary classifiers into the Yara language. Give YaraML a directory of malware files and a directory of benign files of any format and it will extract substring features, downselect the feature space, train a model, and then "compile" the model, returning it as a textual Yara rule. To get a feel for what this looks like, see the logistic regression PowerShell detector generated by YaraML and given below.
