Skip to content

This repository contains my own simple `Yara-rules` to check specified binaries to categorize it by malware types.

License

Notifications You must be signed in to change notification settings

breadrock1/Simple-Yara-rules

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 

Repository files navigation

Simple-Yara-rules

GitHub version License: MIT Awesome

What is YARA-Rules?

Yara

YARA rules are like a piece of programming language, they work by defining a number of variables that contain patterns found in a sample of malware. If some or all of the conditions are met, depending on the rule, then it can be used to successfully identify a piece of malware.

Requirements

Yara version 3.0 or higher is required for most of our rules to work. This is mainly due to the use of the "pe" module introduced in that version.

You can check your installed version with:

yara -v

Packages available in Ubuntu 14.04 LTS default repositories are too old. You can alternatively install from source or use the packages available in the Remnux repository.

Also, you will need Androguard Module if you want to use the rules in the 'mobile_malware' category.

Description own rules

We have deprecated mobile_malware rules that depend on Androguard Module because it seems an abandoned project. Check binaries and categorize malware by class. It's simple yara-rules which detect some suspicious strings into binaries by specified class.

These rules check following malware categorizations:

  • BBSRAT;
  • KeyLogger;
  • BackDoor;
  • MSOProtect;
  • Trojan;
  • Exploit;
  • Generic.

About

This repository contains my own simple `Yara-rules` to check specified binaries to categorize it by malware types.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages