Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/f0wl/yara_rules

A collection of yara rules that I created during analysis / for blog posts

malware-analysis reverse-engineering threat-intelligence yara-rules

# yara_rules

A collection of yara rules that I created during analysis / for blog posts

## Table of Contents

1. [Windows](https://github.com/f0wl/yara_rules/tree/main/windows)
   * 1.1 [Banker](https://github.com/f0wl/yara_rules/tree/main/windows/banker)
     * 1.1.1 [danabot_main.yar](https://github.com/f0wl/yara_rules/blob/main/windows/crypter/danabot_main.yar)
   * 1.2 [Crypter](https://github.com/f0wl/yara_rules/tree/main/windows/crypter)
     * 1.2.1 [huan_crypter.yar](https://github.com/f0wl/yara_rules/blob/main/windows/crypter/huan_crypter.yar)
     * 1.2.2 [zipExec_crypter.yar](https://github.com/f0wl/yara_rules/blob/main/windows/crypter/zipExec_crypter.yar)
   * 1.3 [Ransomware](https://github.com/f0wl/yara_rules/tree/main/windows/ransomware)
     * 1.3.1 [deathransom.yar](https://github.com/f0wl/yara_rules/blob/main/windows/ransomware/deathransom.yar)
     * 1.3.2 [germanwiper.yar](https://github.com/f0wl/yara_rules/blob/main/windows/ransomware/germanwiper.yar)
     * 1.3.3 [netwalker.yar](https://github.com/f0wl/yara_rules/blob/main/windows/ransomware/netwalker.yar)
     * 1.3.4 [wannacry.yar](https://github.com/f0wl/yara_rules/blob/main/windows/ransomware/wannacry.yar)
     * 1.3.5 [mountLockerV2_unpacked.yar](https://github.com/f0wl/yara_rules/blob/main/windows/ransomware/mountLockerV2_unpacked.yar)
   * 1.4 [UAC](https://github.com/f0wl/yara_rules/tree/main/windows/uac)
     * 1.4.1 [ICMLuaUtil_UACMe_M41.yar](https://github.com/f0wl/yara_rules/blob/main/windows/uac/ICMLuaUtil_UACMe_M41.yar)
2. [Linux](https://github.com/f0wl/yara_rules/tree/main/linux)
   * 2.1 [Crypter](https://github.com/f0wl/yara_rules/tree/main/linux/crypter)
     * 2.1.1 [ezuri_revised.yar](https://github.com/f0wl/yara_rules/blob/main/linux/crypter/ezuri_revised.yar)
   * 2.2 [Ransomware](https://github.com/f0wl/yara_rules/tree/main/linux/ransomware)
     * 2.2.1 [revil_linux.yar](https://github.com/f0wl/yara_rules/blob/main/linux/ransomware/revil_linux.yar)
3. [Other](https://github.com/f0wl/yara_rules/tree/main/other)
   * 3.1 [ESXi](https://github.com/f0wl/yara_rules/tree/main/other/ESXi)
     * 3.1.1 [esxi_commands_ransomware.yar](https://github.com/f0wl/yara_rules/blob/main/other/ESXi/esxi_commands_ransomware.yar)
     * 3.1.2 [blackmatter_linux_encryptor.yar](https://github.com/f0wl/yara_rules/blob/main/other/ESXi/blackmatter_linux_encryptor.yar)
     * 3.1.3 [blackmatter_linux_decryptor.yar](https://github.com/f0wl/yara_rules/blob/main/other/ESXi/blackmatter_linux_decryptor.yar)