A repo containing some of my privately developed Yara rules.
To contribute to the community.
Of course! That's why I created this repo.
You can use them in your detection systems. For example, CAPE sandbox uses these rules.
All rules are TLP:White, so you can use and distribute them freely.
Yara v3.3.0 or later is required, as some rules depend on a specific Yara module. Note that it's recommended to always use the latest Yara version as found here
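Since some rules only compile when their imported module is built into the local Yara, a pre-flight check that inventories the modules a rule set needs and verifies the installed version is useful before deployment. The script below is an added example, not part of this repo: the rule sources, the set of locally available modules and the version strings are all constructed for illustration.

```python
"""Pre-flight check for a third-party Yara rule set: list the modules each rule
file imports, flag any the local Yara build lacks, and check the minimum version."""
import re
from typing import Dict, Set, Tuple

# Constructed sample rule sources standing in for .yar files (not from this repo).
SAMPLE_RULES: Dict[str, str] = {
    "pe_packed.yar": (
        'import "pe"\nimport "math"\n\n'
        'rule Packed_PE {\n    condition:\n'
        '        pe.number_of_sections > 0 and math.entropy(0, filesize) > 7.0\n}\n'
    ),
    "strings_only.yar": (
        'rule Generic_Marker {\n    strings:\n        $a = "marker"\n'
        '    condition:\n        $a\n}\n'
    ),
    "dotnet_assembly.yar": (
        'import "dotnet"\n\nrule DotNet_Sample {\n    condition:\n'
        '        dotnet.is_dotnet\n}\n'
    ),
}

# Matches top-level `import "module"` statements at the start of a line.
IMPORT_RE = re.compile(r'^\s*import\s+"([A-Za-z0-9_]+)"', re.MULTILINE)


def required_modules(source: str) -> Set[str]:
    """Return the set of module names a single rule source imports."""
    return set(IMPORT_RE.findall(source))


def missing_modules(rules: Dict[str, str], available: Set[str]) -> Dict[str, Set[str]]:
    """Map each rule file to the modules it imports that `available`
    (the modules compiled into the local Yara build) does not provide."""
    result: Dict[str, Set[str]] = {}
    for name, source in rules.items():
        missing = required_modules(source) - available
        if missing:
            result[name] = missing
    return result


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v4.5.0' or '3.3.0' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.lstrip("v").split("."))


def meets_minimum(installed: str, minimum: str = "3.3.0") -> bool:
    """True when the installed Yara is at least the repo's required version."""
    return parse_version(installed) >= parse_version(minimum)


if __name__ == "__main__":
    # Hypothetical local build without the optional dotnet module.
    print(missing_modules(SAMPLE_RULES, {"pe", "math"}))   # {'dotnet_assembly.yar': {'dotnet'}}
    print(meets_minimum("4.5.0"), meets_minimum("3.2.0"))  # True False
```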
If you spot an issue or improvement with one of the rules, feel free to submit a PR!
From the official GitHub repo, https://github.com/VirusTotal/yara:
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.
More information: https://yara.readthedocs.io/en/stable/index.html
The Traffic Light Protocol (TLP) was created in order to facilitate greater sharing of information.
The rules in this repo are TLP:White.
Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
More information: https://www.us-cert.gov/tlp
InQuest maintains a GitHub repo containing a curated list of Yara rules. It can be found here: https://github.com/InQuest/awesome-yara