advanced-threat-research / yara-rules
Repository of YARA rules made by Trellix ATR Team
License: Apache License 2.0
The last several 64-bit Firefox install files are being flagged by this on VirusTotal.
Firefox Setup 81.0.exe
Firefox Setup 81.0.2.exe
and now Firefox Setup 82.0.exe
Have not checked 32-bit release files. All are available here: https://archive.mozilla.org/pub/firefox/releases/
Could you add UUIDs to the YARA rules? I would like to import them into CyCAT, and having a unique reference would help a lot.
Hi, is there any option to implement YARA rules on McAfee's SIEM?
Hello,
I just spotted that you have two rulesets for the same family: RANSOM_Darkside.yar and RANSOM_darkside.yar. However, this file naming causes issues on systems with case-insensitive file systems, such as Windows. As a result, your repository cannot be properly cloned, etc. Consider unifying these two in one ruleset.
Thank you
I am a developer in the RINA Tech UK software team who authored a file which has been reported as "Gen:Variant.Lazy.398487" on virustotal.com by the Trellix (FireEye) engine, when 82% of anti-virus engines did not detect any issues. I believe the Trellix (FireEye) results to be a false positive.
I have uploaded it to a cloud storage service provided by my company:
https://depot.rina.org/access/kWvx5atetqkys4qoS5DWfMY2ch5n
[The password for the uploaded file is “infected” (without the double quotes)]
If you'd like any further information, please let me know.
Many thanks,
Clive
warning: rule "ransomware_sodinokibi" in .../RANSOM_Sodinokibi.yar(28): expression always false - requesting 8 of 4.
FYI:
/opt/yararules/Yara-Rules/APT/APT_hikit_rootkit_pdb.yar(8): error: syntax error, unexpected text string, expecting '='
/opt/yararules/Yara-Rules/APT/ixeshe_bled_pdb.yar(7): error: syntax error, unexpected text string, expecting '='
/opt/yararules/Yara-Rules/APT/APT_milum_wildpressure.yar(20): error: undefined identifier "pe"
On line 7 in the meta section, the field is using a colon as a separator instead of the required equal sign. Link to the line is below
FYI:
/opt/yararules/Yara-Rules/ransomware/RANSOM_RobbinHood.yar(2): error: syntax error, unexpected identifier, expecting '{'
/opt/yararules/Yara-Rules/ransomware/RANSOM_SamSam.yar(50): error: undefined identifier "pe"
/opt/yararules/Yara-Rules/ransomware/RANSOM_SamSam.yar(98): error: undefined identifier "pe"
/opt/yararules/Yara-Rules/ransomware/RANSOM_acroware.yar(0): error: syntax error, unexpected end of file, expecting '}'
/opt/yararules/Yara-Rules/ransomware/RANSOM_GPGQwerty.yar(8): error: syntax error, unexpected ':', expecting '='
/opt/yararules/Yara-Rules/ransomware/RANSOM_Magniber.yar(3): error: non-ascii character
/opt/yararules/Yara-Rules/ransomware/RANSOM_Magniber.yar(3): error: syntax error, unexpected end of file, expecting <condition>
FYI:
/opt/yararules/Yara-Rules/mobile/MOBILE_pwndroid5_downloader.yar(1): error: unknown module "androguard"
/opt/yararules/Yara-Rules/mobile/MOBILE_pwndroid5_downloader.yar(16): error: invalid field name "activity"
/opt/yararules/Yara-Rules/mobile/MOBILE_pwndroid5_downloader.yar(55): error: invalid field name "activity"