Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/phbiohazard/Yara
Rules detections contributions
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/phbiohazard/Yara
- Owner: phbiohazard
- Created: 2015-03-24T13:50:22.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-04-13T18:01:00.000Z (8 months ago)
- Last Synced: 2024-04-14T01:07:00.139Z (8 months ago)
- Size: 11.3 MB
- Stars: 3
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-soc - Yara rules repo
README
# Yara rules UPDATED twice a day
Specific rules for specific file-detection needs. The particularity of SPECTRE.PTN is that it uses the YARA engine to detect files present on the file system whose SHA256 matches known malicious code.
Most of the hashes come from ABUSE.CH, but some are added according to our needs.
We found some false positives, which is why our false-positive database of over 70,000 entries is applied before the SPECTRE.PTN file is generated; this minimizes the risk of irrelevant alerts. SPECTRE.PTN is updated every 12 hours, 7 days a week.
To optimize scanning time, do not scan the Windows directory unless you believe it is necessary.
To scan with spectre.ptn, target the USERS directories, including the network directories and especially %APPDATA%, which is a hidden directory under the Windows\Users directory.
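The generation step described above (hash feed, minus the false-positive database, compiled into a hash-matching YARA rule) as an added example; this is not the project's own generator, and the hashes, feed and false-positive set are constructed stand-ins, not real indicators.

```python
import hashlib

# Constructed sample inputs (not real indicators): hashes standing in for an
# ABUSE.CH feed and for the project's false-positive database.
SAMPLE_FEED = [
    hashlib.sha256(b"constructed-sample-1").hexdigest(),
    hashlib.sha256(b"constructed-sample-2").hexdigest(),
    hashlib.sha256(b"known-good-file").hexdigest(),
    hashlib.sha256(b"constructed-sample-1").hexdigest().upper(),  # duplicate, other case
    "not-a-hash",
]
SAMPLE_FALSE_POSITIVES = {hashlib.sha256(b"known-good-file").hexdigest()}
HEX = set("0123456789abcdef")


def filter_hashes(feed, false_positives):
    """Normalise feed entries; drop malformed ones, duplicates and known false positives."""
    kept, seen = [], set()
    for raw in feed:
        h = raw.strip().lower()
        if len(h) != 64 or set(h) - HEX:
            continue  # not a SHA256 hex digest
        if h in false_positives or h in seen:
            continue
        seen.add(h)
        kept.append(h)
    return kept


def build_rule_file(hashes, rule_name="spectre_sha256"):
    """Emit a YARA rule (using the built-in `hash` module) that fires on any file whose SHA256 is listed."""
    if hashes:
        # hash.sha256(0, filesize) is the digest of the whole file being scanned
        condition = " or\n        ".join(f'hash.sha256(0, filesize) == "{h}"' for h in hashes)
    else:
        condition = "false"  # an empty list must still compile
    return (
        'import "hash"\n\n'
        f"rule {rule_name}\n"
        "{\n"
        "    meta:\n"
        '        description = "File SHA256 is on the curated hash list"\n'
        "    condition:\n"
        f"        {condition}\n"
        "}\n"
    )


if __name__ == "__main__":
    print(build_rule_file(filter_hashes(SAMPLE_FEED, SAMPLE_FALSE_POSITIVES)))
```

The printed rule file can be saved and passed to `yara -r` exactly like spectre.ptn; a real run would read the feed and the false-positive list from files instead of the constructed lists.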
HOW TO USE:
----------
Syntax: `Yara -r spectre.ptn c:\directory`
Please check the YARA documentation for the syntax under Linux.
Tested with YARA v3.2.0 & v4.2.2
---Thanks---
Thanks to ABUSE.CH, whose DB is the main content of spectre.ptn.
A big thanks to Benoit Deries for his contribution, following the project instructions from Marc Blanchard.