Mobile rules based on Androguard are now deprecated. Folders were renamed. Index regenerated.

.travis.yml

 language: c
 sudo: required
-#dist: trusty
+
 before_install:
   - sudo apt-get -qq update
-  - sudo apt-get install jq
+  - sudo apt-get install -y \
+    automake \
+    libtool \
+    make \
+    gcc \
+    pkg-config \
+    flex \
+    bison \
+    libjansson-dev \
+    libmagic-dev \
+    libssl-dev \
+    jq
 # Yara
   - wget $(curl -s https://api.github.com/repos/VirusTotal/yara/releases/latest | jq -r ".tarball_url") -O yara.tar.gz
-  #- wget $(wget -O - https://api.github.com/repos/VirusTotal/yara/releases/9250110 | jq -r ".tarball_url") -O yara.tar.gz
   - mkdir yara
   - tar -C yara -xzvf yara.tar.gz --strip-components 1
-# Androguard for Yara
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/androguard.c -O yara/libyara/modules/androguard.c
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/dist/yara-3.7.0/libyara/modules/module_list -O yara/libyara/modules/module_list
-  - wget https://raw.githubusercontent.com/Koodous/androguard-yara/master/dist/yara-3.7.0/libyara/Makefile.am -O yara/libyara/Makefile.am
-# libjansson
-  - wget http://www.digip.org/jansson/releases/jansson-2.7.tar.gz
-  - tar -xzvf jansson-2.7.tar.gz
-  - cd jansson-2.7
-  - ./configure
-  - make
-  - sudo make install
-
 # Compile Yara
   - cd ../yara
   # Update per issue 176
-  - sed -i 's/#define RE_MAX_SPLIT_ID     128/#define RE_MAX_SPLIT_ID     255/g' libyara/re.c
+  - sed -i 's/#define RE_MAX_SPLIT_ID     128/#define RE_MAX_SPLIT_ID     255/g' libyara/include/yara/limits.h
   - ./bootstrap.sh
-  - ./configure --enable-cuckoo
+  - ./configure --enable-cuckoo --enable-magic --with-crypto
   - make
   - sudo make install
   - sudo ldconfig
@@ -34,8 +32,6 @@ before_install:
 
 script:
   - echo "test" > testfile
-  - echo "{}" > androguard_report.json
   - FALLO=0
-#  - for j in $(ls -d */); do for i in $(find $j -type f -name "*.yara" ; find $j -type f -name "*.yar"); do echo $i; yara -x androguard=androguard_report.json $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done; done
-  - for i in $(ls *_index.yar); do echo $i; yara -w -x androguard=androguard_report.json $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done
+  - for i in $(ls *_index.yar); do echo $i; yara -w $i testfile; if [[ $? -ne 0 ]]; then FALLO=1; fi; done
   - exit $FALLO

Antidebug_AntiVM_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Antidebug_AntiVM/antidebug_antivm.yar"
+include "./antidebug_antivm/antidebug_antivm.yar"

CVE_Rules_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
-include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
-include "./CVE_Rules/CVE-2018-20250.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
+include "./cve_rules/CVE-2010-0805.yar"
+include "./cve_rules/CVE-2010-0887.yar"
+include "./cve_rules/CVE-2010-1297.yar"
+include "./cve_rules/CVE-2012-0158.yar"
+include "./cve_rules/CVE-2013-0074.yar"
+include "./cve_rules/CVE-2013-0422.yar"
+include "./cve_rules/CVE-2015-1701.yar"
+include "./cve_rules/CVE-2015-2426.yar"
+include "./cve_rules/CVE-2015-2545.yar"
+include "./cve_rules/CVE-2015-5119.yar"
+include "./cve_rules/CVE-2016-5195.yar"
+include "./cve_rules/CVE-2017-11882.yar"
+include "./cve_rules/CVE-2018-20250.yar"
+include "./cve_rules/CVE-2018-4878.yar"

Capabilities_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Capabilities/capabilities.yar"
+include "./capabilities/capabilities.yar"

Crypto_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Crypto/crypto_signatures.yar"
+include "./crypto/crypto_signatures.yar"

Exploit-Kits_index.yar

-/*
-Generated by Yara-Rules
-On 26-11-2019
-*/
-include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
-include "./Exploit-Kits/EK_Crimepack.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Zeus.yar"

Malicious_Documents_index.yar

-/*
-Generated by Yara-Rules
-On 26-11-2019
-*/
-include "./Malicious_Documents/Maldoc_APT10_MenuPass.yar"
-include "./Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
-include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
-include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
-include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/maldoc_somerules.yar"

Mobile_Malware_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Mobile_Malware/Android_ASSDdeveloper.yar"
-include "./Mobile_Malware/Android_AVITOMMS.yar"
-include "./Mobile_Malware/Android_AliPay_smsStealer.yar"
-include "./Mobile_Malware/Android_Amtrckr_20160519.yar"
-include "./Mobile_Malware/Android_Backdoor.yar"
-include "./Mobile_Malware/Android_Backdoor_script.yar"
-include "./Mobile_Malware/Android_BadMirror.yar"
-include "./Mobile_Malware/Android_Banker_Acecard.yar"
-include "./Mobile_Malware/Android_BatteryBot_ClickFraud.yar"
-include "./Mobile_Malware/Android_Clicker_G.yar"
-include "./Mobile_Malware/Android_Copy9.yar"
-include "./Mobile_Malware/Android_DeathRing.yar"
-include "./Mobile_Malware/Android_Dectus_rswm.yar"
-include "./Mobile_Malware/Android_Dendroid_RAT.yar"
-include "./Mobile_Malware/Android_Dogspectus.yar"
-include "./Mobile_Malware/Android_FakeApps.yar"
-include "./Mobile_Malware/Android_FakeBank_Fanta.yar"
-include "./Mobile_Malware/Android_Godless.yar"
-include "./Mobile_Malware/Android_HackintTeam_Implant.yar"
-include "./Mobile_Malware/Android_Libyan_Scorpions.yar"
-include "./Mobile_Malware/Android_MalwareCertificates.yar"
-include "./Mobile_Malware/Android_Malware_Ramsonware.yar"
-include "./Mobile_Malware/Android_Malware_Tinhvan.yar"
-include "./Mobile_Malware/Android_Malware_Towelroot.yar"
-include "./Mobile_Malware/Android_Marcher_2.yar"
-include "./Mobile_Malware/Android_MazarBot_z.yar"
-include "./Mobile_Malware/Android_Metasploit.yar"
-include "./Mobile_Malware/Android_Metasploit_Payload.yar"
-include "./Mobile_Malware/Android_OmniRat.yar"
-include "./Mobile_Malware/Android_Overlayer.yar"
-include "./Mobile_Malware/Android_Pink_Locker.yar"
-include "./Mobile_Malware/Android_Polish_Bankbot.yar"
-include "./Mobile_Malware/Android_RuMMS.yar"
-include "./Mobile_Malware/Android_SMSFraud.yar"
-include "./Mobile_Malware/Android_SandroRat.yar"
-include "./Mobile_Malware/Android_SlemBunk.yar"
-include "./Mobile_Malware/Android_SpyAgent.yar"
-include "./Mobile_Malware/Android_SpyNote.yar"
-include "./Mobile_Malware/Android_Spynet.yar"
-include "./Mobile_Malware/Android_Spywaller.yar"
-include "./Mobile_Malware/Android_Switcher.yar"
-include "./Mobile_Malware/Android_Tachi.yar"
-include "./Mobile_Malware/Android_Tempting_Cedar_Spyware.yar"
-include "./Mobile_Malware/Android_Tordow.yar"
-include "./Mobile_Malware/Android_Triada_Banking.yar"
-include "./Mobile_Malware/Android_Trojan_Dendroid.yar"
-include "./Mobile_Malware/Android_Trojan_Droidjack.yar"
-include "./Mobile_Malware/Android_VikingOrder.yar"
-include "./Mobile_Malware/Android_VirusPolicia.yar"
-include "./Mobile_Malware/Android_adware.yar"
-include "./Mobile_Malware/Android_generic_adware.yar"
-include "./Mobile_Malware/Android_generic_smsfraud.yar"
-include "./Mobile_Malware/Android_malware_Advertising.yar"
-include "./Mobile_Malware/Android_malware_ChinesePorn.yar"
-include "./Mobile_Malware/Android_malware_Dropper.yar"
-include "./Mobile_Malware/Android_malware_Fake_MosKow.yar"
-include "./Mobile_Malware/Android_malware_HackingTeam.yar"
-include "./Mobile_Malware/Android_malware_SMSsender.yar"
-include "./Mobile_Malware/Android_malware_banker.yar"
-include "./Mobile_Malware/Android_malware_xbot007.yar"
-include "./Mobile_Malware/Android_mapin.yar"
-include "./Mobile_Malware/Android_pornClicker.yar"
-include "./Mobile_Malware/Android_sk_bankTr.yar"

Packers_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Packers/JJencode.yar"
-include "./Packers/Javascript_exploit_and_obfuscation.yar"
-include "./Packers/packer.yar"
-include "./Packers/packer_compiler_signatures.yar"
-include "./Packers/peid.yar"
+include "./packers/JJencode.yar"
+include "./packers/Javascript_exploit_and_obfuscation.yar"
+include "./packers/packer.yar"
+include "./packers/packer_compiler_signatures.yar"
+include "./packers/peid.yar"

README.md

@@ -14,8 +14,6 @@ If you’re interested in sharing your Yara rules with us and the Security Commu
 
 Twitter account: https://twitter.com/yararules
 
-Mailing list : http://list.yararules.com/mailman/listinfo/yararules.com.signatures
-
 # Requirements
 
 Yara **version 3.0** or higher is required for most of our rules to work. This is mainly due to the use of the "pe" module introduced in that version.
@@ -24,7 +22,9 @@ You can check your installed version with `yara -v`
 
 Packages available in Ubuntu 14.04 LTS default repositories are too old.  You can alternatively install from source or use the packages available in the [Remnux repository](https://launchpad.net/~remnux/+archive/ubuntu/stable).
 
-Also, you will need [Androguard Module](https://github.com/Koodous/androguard-yara) if you want to use the rules in the 'mobile_malware' category.
+~~Also, you will need [Androguard Module](https://github.com/Koodous/androguard-yara) if you want to use the rules in the 'mobile_malware' category.~~
+
+We have deprecated mobile_malware rules that depend on Androguard Module because it seems an abandoned project.
 
 # Categories
 
@@ -36,7 +36,7 @@ In this section you will find Yara Rules aimed toward the detection of anti-debu
 
 In this section you will find Yara rules to detect capabilities that do not fit into any of the other categories.  They are useful to know for analysis but may not be malicious indicators on their own.
 
-## CVE_Rules
+## CVE Rules
 
 In this section you will find Yara Rules specialised toward the identification of specific Common Vulnerabilities and Exposures (CVEs)
 
@@ -72,9 +72,9 @@ In this section you will find Yara rules specialised toward the identification o
 
 In this section you will find Yara rules specialised toward the identification of well-known mobile malware.
 
-Many rules in this section use the Androguard module developed by the people over at https://koodous.com/.
+## Deprecated
 
-You can get it, along with installation instructions, at https://github.com/Koodous/androguard-yara
+In this section you will find Yara rules deprecated.
 
 # Contact
 
@@ -82,4 +82,3 @@ Webpage: http://yararules.com
 
 Twitter account: https://twitter.com/yararules
 
-Mail list : http://list.yararules.com/mailman/listinfo/yararules.com.signatures

Webshells_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Webshells/WShell_APT_Laudanum.yar"
-include "./Webshells/WShell_ASPXSpy.yar"
-include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
-include "./Webshells/Wshell_fire2013.yar"
-include "./Webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_APT_Laudanum.yar"
+include "./webshells/WShell_ASPXSpy.yar"
+include "./webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_PHP_Anuna.yar"
+include "./webshells/WShell_PHP_in_images.yar"
+include "./webshells/WShell_THOR_Webshells.yar"
+include "./webshells/Wshell_ChineseSpam.yar"
+include "./webshells/Wshell_fire2013.yar"

email_index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
 include "./email/EMAIL_Cryptowall.yar"
 include "./email/attachment.yar"

exploit_kits_index.yar

+/*
+Generated by Yara-Rules
+On 08-01-2020
+*/
+include "./exploit_kits/EK_Angler.yar"
+include "./exploit_kits/EK_Blackhole.yar"
+include "./exploit_kits/EK_BleedingLife.yar"
+include "./exploit_kits/EK_Crimepack.yar"
+include "./exploit_kits/EK_Eleonore.yar"
+include "./exploit_kits/EK_Fragus.yar"
+include "./exploit_kits/EK_Phoenix.yar"
+include "./exploit_kits/EK_Sakura.yar"
+include "./exploit_kits/EK_ZeroAcces.yar"
+include "./exploit_kits/EK_Zerox88.yar"
+include "./exploit_kits/EK_Zeus.yar"

index.yar

 /*
 Generated by Yara-Rules
-On 26-11-2019
+On 08-01-2020
 */
-include "./Antidebug_AntiVM/antidebug_antivm.yar"
-include "./CVE_Rules/CVE-2010-0805.yar"
-include "./CVE_Rules/CVE-2010-0887.yar"
-include "./CVE_Rules/CVE-2010-1297.yar"
-include "./CVE_Rules/CVE-2012-0158.yar"
-include "./CVE_Rules/CVE-2013-0074.yar"
-include "./CVE_Rules/CVE-2013-0422.yar"
-include "./CVE_Rules/CVE-2015-1701.yar"
-include "./CVE_Rules/CVE-2015-2426.yar"
-include "./CVE_Rules/CVE-2015-2545.yar"
-include "./CVE_Rules/CVE-2015-5119.yar"
-include "./CVE_Rules/CVE-2016-5195.yar"
-include "./CVE_Rules/CVE-2017-11882.yar"
-include "./CVE_Rules/CVE-2018-20250.yar"
-include "./CVE_Rules/CVE-2018-4878.yar"
-include "./Capabilities/capabilities.yar"
-include "./Crypto/crypto_signatures.yar"
-include "./Exploit-Kits/EK_Angler.yar"
-include "./Exploit-Kits/EK_Blackhole.yar"
-include "./Exploit-Kits/EK_BleedingLife.yar"
-include "./Exploit-Kits/EK_Crimepack.yar"
-include "./Exploit-Kits/EK_Eleonore.yar"
-include "./Exploit-Kits/EK_Fragus.yar"
-include "./Exploit-Kits/EK_Phoenix.yar"
-include "./Exploit-Kits/EK_Sakura.yar"
-include "./Exploit-Kits/EK_ZeroAcces.yar"
-include "./Exploit-Kits/EK_Zerox88.yar"
-include "./Exploit-Kits/EK_Zeus.yar"
-include "./Malicious_Documents/Maldoc_APT10_MenuPass.yar"
-include "./Malicious_Documents/Maldoc_APT19_CVE-2017-1099.yar"
-include "./Malicious_Documents/Maldoc_APT_OLE_JSRat.yar"
-include "./Malicious_Documents/Maldoc_CVE-2017-0199.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_11882.yar"
-include "./Malicious_Documents/Maldoc_CVE_2017_8759.yar"
-include "./Malicious_Documents/Maldoc_Contains_VBE_File.yar"
-include "./Malicious_Documents/Maldoc_DDE.yar"
-include "./Malicious_Documents/Maldoc_Dridex.yar"
-include "./Malicious_Documents/Maldoc_Hidden_PE_file.yar"
-include "./Malicious_Documents/Maldoc_MIME_ActiveMime_b64.yar"
-include "./Malicious_Documents/Maldoc_PDF.yar"
-include "./Malicious_Documents/Maldoc_PowerPointMouse.yar"
-include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"
-include "./Malicious_Documents/Maldoc_UserForm.yar"
-include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
-include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
-include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
-include "./Malicious_Documents/maldoc_somerules.yar"
-include "./Packers/JJencode.yar"
-include "./Packers/Javascript_exploit_and_obfuscation.yar"
-include "./Packers/packer.yar"
-include "./Packers/packer_compiler_signatures.yar"
-include "./Packers/peid.yar"
-include "./Webshells/WShell_APT_Laudanum.yar"
-include "./Webshells/WShell_ASPXSpy.yar"
-include "./Webshells/WShell_PHP_Anuna.yar"
-include "./Webshells/WShell_PHP_in_images.yar"
-include "./Webshells/WShell_THOR_Webshells.yar"
-include "./Webshells/Wshell_ChineseSpam.yar"
-include "./Webshells/Wshell_fire2013.yar"
+include "./antidebug_antivm/antidebug_antivm.yar"
+include "./capabilities/capabilities.yar"
+include "./crypto/crypto_signatures.yar"
+include "./cve_rules/CVE-2010-0805.yar"
+include "./cve_rules/CVE-2010-0887.yar"
+include "./cve_rules/CVE-2010-1297.yar"
+include "./cve_rules/CVE-2012-0158.yar"
+include "./cve_rules/CVE-2013-0074.yar"
+include "./cve_rules/CVE-2013-0422.yar"
+include "./cve_rules/CVE-2015-1701.yar"
+include "./cve_rules/CVE-2015-2426.yar"
+include "./cve_rules/CVE-2015-2545.yar"
+include "./cve_rules/CVE-2015-5119.yar"
+include "./cve_rules/CVE-2016-5195.yar"
+include "./cve_rules/CVE-2017-11882.yar"
+include "./cve_rules/CVE-2018-20250.yar"
+include "./cve_rules/CVE-2018-4878.yar"
 include "./email/EMAIL_Cryptowall.yar"
 include "./email/attachment.yar"
 include "./email/bank_rule.yar"
@@ -68,6 +26,36 @@ include "./email/email_Ukraine_BE_powerattack.yar"
 include "./email/image.yar"
 include "./email/scam.yar"
 include "./email/urls.yar"
+include "./exploit_kits/EK_Angler.yar"
+include "./exploit_kits/EK_Blackhole.yar"
+include "./exploit_kits/EK_BleedingLife.yar"
+include "./exploit_kits/EK_Crimepack.yar"
+include "./exploit_kits/EK_Eleonore.yar"
+include "./exploit_kits/EK_Fragus.yar"
+include "./exploit_kits/EK_Phoenix.yar"
+include "./exploit_kits/EK_Sakura.yar"
+include "./exploit_kits/EK_ZeroAcces.yar"
+include "./exploit_kits/EK_Zerox88.yar"
+include "./exploit_kits/EK_Zeus.yar"
+include "./maldocs/Maldoc_APT10_MenuPass.yar"
+include "./maldocs/Maldoc_APT19_CVE-2017-1099.yar"
+include "./maldocs/Maldoc_APT_OLE_JSRat.yar"
+include "./maldocs/Maldoc_CVE-2017-0199.yar"
+include "./maldocs/Maldoc_CVE_2017_11882.yar"
+include "./maldocs/Maldoc_CVE_2017_8759.yar"
+include "./maldocs/Maldoc_Contains_VBE_File.yar"
+include "./maldocs/Maldoc_DDE.yar"
+include "./maldocs/Maldoc_Dridex.yar"
+include "./maldocs/Maldoc_Hidden_PE_file.yar"
+include "./maldocs/Maldoc_MIME_ActiveMime_b64.yar"
+include "./maldocs/Maldoc_PDF.yar"
+include "./maldocs/Maldoc_PowerPointMouse.yar"
+include "./maldocs/Maldoc_Suspicious_OLE_target.yar"
+include "./maldocs/Maldoc_UserForm.yar"
+include "./maldocs/Maldoc_VBA_macro_code.yar"
+include "./maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar"
+include "./maldocs/Maldoc_malrtf_ole2link.yar"
+include "./maldocs/maldoc_somerules.yar"
 include "./malware/000_common_rules.yar"
 include "./malware/APT_APT1.yar"
 include "./malware/APT_APT10.yar"
@@ -204,6 +192,7 @@ include "./malware/MALW_Exploit_UAC_Elevators.yar"
 include "./malware/MALW_Ezcob.yar"
 include "./malware/MALW_F0xy.yar"
 include "./malware/MALW_FALLCHILL.yar"
+include "./malware/MALW_FUDCrypt.yar"
 include "./malware/MALW_FakeM.yar"
 include "./malware/MALW_Fareit.yar"
 include "./malware/MALW_Favorite.yar"
@@ -240,6 +229,7 @@ include "./malware/MALW_LinuxMoose.yar"
 include "./malware/MALW_LostDoor.yar"
 include "./malware/MALW_LuaBot.yar"
 include "./malware/MALW_LuckyCat.yar"
+include "./malware/MALW_MSILStealer.yar"
 include "./malware/MALW_MacControl.yar"
 include "./malware/MALW_Madness.yar"
 include "./malware/MALW_Magento_backend.yar"
@@ -390,6 +380,7 @@ include "./malware/RANSOM_GPGQwerty.yar"
 include "./malware/RANSOM_GoldenEye.yar"
 include "./malware/RANSOM_Locky.yar"
 include "./malware/RANSOM_MS17-010_Wannacrypt.yar"
+include "./malware/RANSOM_Maze.yar"
 include "./malware/RANSOM_PetrWrap.yar"
 include "./malware/RANSOM_Petya.yar"
 include "./malware/RANSOM_SamSam.yar"
@@ -443,3 +434,16 @@ include "./malware/TOOLKIT_Pwdump.yar"
 include "./malware/TOOLKIT_THOR_HackTools.yar"
 include "./malware/TOOLKIT_Wineggdrop.yar"
 include "./malware/TOOLKIT_exe2hex_payload.yar"
+include "./packers/JJencode.yar"
+include "./packers/Javascript_exploit_and_obfuscation.yar"
+include "./packers/packer.yar"
+include "./packers/packer_compiler_signatures.yar"
+include "./packers/peid.yar"
+include "./webshells/WShell_APT_Laudanum.yar"
+include "./webshells/WShell_ASPXSpy.yar"
+include "./webshells/WShell_Drupalgeddon2_icos.yar"
+include "./webshells/WShell_PHP_Anuna.yar"
+include "./webshells/WShell_PHP_in_images.yar"
+include "./webshells/WShell_THOR_Webshells.yar"
+include "./webshells/Wshell_ChineseSpam.yar"
+include "./webshells/Wshell_fire2013.yar"

index_gen.sh

@@ -2,7 +2,8 @@
 
 function get_folders {
     local INDECES=()
-    for folder in $(ls -d */ | grep -v utils); do
+    AVOID="utils|deprecated"
+    for folder in $(ls -d */ | grep -vE $AVOID); do
         INDECES+="$folder "
     done
     INDECES+=". "
@@ -18,7 +19,7 @@ function gen_index {
         echo -e "/*$4*/" > $IDX_NAME
     fi
     OS=$(uname)
-    AVOID="_?index.yara?|index_|utils"
+    AVOID="_?index.yara?|index_|utils|deprecated"
     if [ x"$BASE" == x"." ]; then
         if [ $INC_MOBILE == false ]; then
             AVOID+="|Mobile"