{"id":19832061,"url":"https://github.com/ail-project/ail-yara-rules","last_synced_at":"2026-03-03T09:31:46.823Z","repository":{"id":118130600,"uuid":"283123970","full_name":"ail-project/ail-yara-rules","owner":"ail-project","description":"A set of YARA rules for the AIL framework to detect leak or information disclosure","archived":false,"fork":false,"pushed_at":"2025-01-31T14:54:30.000Z","size":58,"stargazers_count":39,"open_issues_count":2,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-02-28T21:29:03.995Z","etag":null,"topics":["ail-framework","ail-yara-rules","information-disclosure","yara","yara-rules","yara-signatures"],"latest_commit_sha":null,"homepage":"","language":"YARA","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ail-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-28T06:39:00.000Z","updated_at":"2025-02-09T20:19:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"9abe2ac0-6e9c-42ef-9bb1-0cc8a9004962","html_url":"https://github.com/ail-project/ail-yara-rules","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ail-project/ail-yara-rules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ail-project%2Fail-yara-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ail-project%2Fail-yara-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ail-project%2Fail-yara-rules/releases","manifests_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/ail-project%2Fail-yara-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ail-project","download_url":"https://codeload.github.com/ail-project/ail-yara-rules/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ail-project%2Fail-yara-rules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30039884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T06:58:30.252Z","status":"ssl_error","status_checked_at":"2026-03-03T06:58:15.329Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ail-framework","ail-yara-rules","information-disclosure","yara","yara-rules","yara-signatures"],"created_at":"2024-11-12T11:36:18.785Z","updated_at":"2026-03-03T09:31:46.295Z","avatar_url":"https://github.com/ail-project.png","language":"YARA","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ail-yara-rules\n\n![AIL Project](https://raw.githubusercontent.com/ail-project/ail-logos/master/ail-project-small.png)\n\nA set of YARA rules for the AIL framework to detect leak or information disclosure. 
This repository can be used by other tools.\n\n# YARA rules\n\n* [rules](./rules)\n     * [api-keys](./rules/api-keys)\n       * [aws_api.yar](./rules/api-keys/aws_api.yar)\n       * [discord_api.yar](./rules/api-keys/discord_api.yar)\n       * [generic_api.yar](./rules/api-keys/generic_api.yar)\n       * [github_api.yar](./rules/api-keys/github_api.yar)\n       * [github_homebrew.yar](./rules/api-keys/github_homebrew.yar)\n       * [github_jekyll.yar](./rules/api-keys/github_jekyll.yar)\n       * [google_api.yar](./rules/api-keys/google_api.yar)\n       * [heroku_api.yar](./rules/api-keys/heroku_api.yar)\n       * [pivotal_token.yar](./rules/api-keys/pivotal_token.yar)\n       * [shodan_api.yar](./rules/api-keys/shodan_api.yar)\n       * [slack_api.yar](./rules/api-keys/slack_api.yar)\n       * [twitter_api.yar](./rules/api-keys/twitter_api.yar)\n     * [b64_encoded](./rules/b64_encoded)\n       * [b64_docx.yar](./rules/b64_encoded/b64_docx.yar)\n       * [b64_doc.yar](./rules/b64_encoded/b64_doc.yar)\n       * [b64_elf.yar](./rules/b64_encoded/b64_elf.yar)\n       * [b64_exe.yar](./rules/b64_encoded/b64_exe.yar)\n       * [b64_gzip.yar](./rules/b64_encoded/b64_gzip.yar)\n       * [b64_rar.yar](./rules/b64_encoded/b64_rar.yar)\n       * [b64_rtf.yar](./rules/b64_encoded/b64_rtf.yar)\n       * [b64_url.yar](./rules/b64_encoded/b64_url.yar)\n       * [b64_xml_doc.yar](./rules/b64_encoded/b64_xml_doc.yar)\n       * [b64_zip.yar](./rules/b64_encoded/b64_zip.yar)\n     * [blacklist](./rules/blacklist)\n       * [default.yar](./rules/blacklist/default.yar)\n     * [classified](./rules/classified)\n       * [nato.yar](./rules/classified/nato.yar)\n       * [us.yar](./rules/classified/us.yar)\n     * [cloud](./rules/cloud)\n       * [aws_cli.yar](./rules/cloud/aws_cli.yar)\n       * [sw_bucket.yar](./rules/cloud/sw_bucket.yar)\n     * [code](./rules/code)\n       * [autoit.yar](./rules/code/autoit.yar)\n       * [hex_mz.yar](./rules/code/hex_mz.yar)\n       * 
[powershell.yar](./rules/code/powershell.yar)\n       * [vbscript.yar](./rules/code/vbscript.yar)\n     * [crypto](./rules/crypto)\n       * [certificate.yar](./rules/crypto/certificate.yar)\n     * [database](./rules/database)\n       * [db_connection.yar](./rules/database/db_connection.yar)\n       * [db_create_user.yar](./rules/database/db_create_user.yar)\n       * [db_structure.yar](./rules/database/db_structure.yar)\n     * [detection](./rules/detection)\n       * [avdetect.yar](./rules/detection/avdetect.yar)\n       * [dbgdetect_files.yar](./rules/detection/dbgdetect_files.yar)\n       * [dbgdetect_func.yar](./rules/detection/dbgdetect_func.yar)\n       * [dbgdetect_procs.yar](./rules/detection/dbgdetect_procs.yar)\n       * [sandboxdetect.yar](./rules/detection/sandboxdetect.yar)\n       * [vmdetect.yar](./rules/detection/vmdetect.yar)\n     * [keylogger](./rules/keylogger)\n       * [bunny_code.yar](./rules/keylogger/bunny_code.yar)\n       * [ducky_code.yar](./rules/keylogger/ducky_code.yar)\n     * [obfuscation](./rules/obfuscation)\n       * [php_obfuscation.yar](./rules/obfuscation/php_obfuscation.yar)\n     * [password](./rules/password)\n       * [amazon-credentials.yar](./rules/password/amazon-credentials.yar)\n       * [mlab.yar](./rules/password/mlab.yar)\n       * [salesforce.yar](./rules/password/salesforce.yar)\n       * [password_leak.yar](./rules/password/password_leak.yar)\n     * [stealer](./rules/stealer)\n         * [ailurophile.yara](./rules/stealer/ailurophile.yara)\n         * [arechclientv2.yara](./rules/stealer/arechclientv2.yara)\n         * [astris.yara](./rules/stealer/astris.yara)\n         * [atomic.yara](./rules/stealer/atomic.yara)\n         * [banshee.yara](./rules/stealer/banshee.yara)\n         * [blankgrabber.yara](./rules/stealer/blankgrabber.yara)\n         * [cryptbot.yara](./rules/stealer/cryptbot.yara)\n         * [darkcrystal.yara](./rules/stealer/darkcrystal.yara)\n         * 
[luca.yara](./rules/stealer/luca.yara)\n         * [lumma2.yara](./rules/stealer/lumma2.yara)\n         * [lumma.yara](./rules/stealer/lumma.yara)\n         * [meduza.yara](./rules/stealer/meduza.yara)\n         * [noxy.yara](./rules/stealer/noxy.yara)\n         * [phemedrone.yara](./rules/stealer/phemedrone.yara)\n         * [raccoon2.yara](./rules/stealer/raccoon2.yara)\n         * [raccoon.yara](./rules/stealer/raccoon.yara)\n         * [redline.yara](./rules/stealer/redline.yara)\n         * [risepro.yara](./rules/stealer/risepro.yara)\n         * [rlstealer.yara](./rules/stealer/rlstealer.yara)\n         * [skalka.yara](./rules/stealer/skalka.yara)\n         * [stealc.yara](./rules/stealer/stealc.yara)\n         * [stealerium.yara](./rules/stealer/stealerium.yara)\n         * [vidar.yara](./rules/stealer/vidar.yara)\n         * [xfiles.yara](./rules/stealer/xfiles.yara)\n\n# Contributors\n\n- kevthehermit via [PasteHunter](https://github.com/kevthehermit/PasteHunter) for the initial rule set licensed under the GNU General Public License\n- [AlienVault-Labs](https://github.com/AlienVault-Labs/AlienVaultLabs/tree/master/malware_rulesets/yara) for some additional rules\n- [what-is-this-stealer](https://github.com/MalBeacon/what-is-this-stealer/)\n- AIL Project contributors\n\n# License\n\nail-yara-rules is distributed under the AGPL unless otherwise specified, in which case the original license of the rules applies.\n\n# Contribute\n\nIt's quite easy. Fork the repository, add a new YARA rule or modify an existing one, and make a pull request. Please take a look at the directory names to map the scope of the YARA rule.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fail-project%2Fail-yara-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fail-project%2Fail-yara-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fail-project%2Fail-yara-rules/lists"}