Yara VirusTotal Commenter

Free
You know you scan files with Yara anyways, why not give your findings back to the community? This script can scan a folder of samples against a provided Yara ruleset and optionally submit the matching Yara rule names to each file's respective VirusTotal report as a comment.

Important: Use this script only with high-confidence Yara rules to avoid spamming VT with misleading comments.

Pre-Alpha: This code hasn't yet been tested in any real way. I would not recommend using it :)

Usage:

    $ python yara_vt.py --help (master)
    usage: yara_vt.py [-h] -r RULES -s SAMPLES [-k KEY] -c

    Scan directory with Yara and submit matches to VirusTotal samples as comments

    optional arguments:
      -h, --help            show this help message and exit

    Yara:
      -r RULES, --rules RULES
                            yara rules directory
      -s SAMPLES, ---samples SAMPLES
                            samples directory to scan

    VirusTotal:
      -k KEY, --key KEY     virustotal API key
      -c, --comment         submit virustotal comments

ALTERNATIVES

Facilitates distribution of Threat Intelligence artifacts to defensive systems.

A curated list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon.

Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.

Collect various intelligence sources for hosts in CSV format.

Modular Threat Hunting Tool & Framework

Provides advanced external threat intelligence to help organizations proactively identify and mitigate potential security threats.

A tool for creating custom detection rules from YAML input

Taxii2 server for interacting with taxii services.