Commits · 0de1aee46db299e2af7c24d597df0679cc834fcd · fact-depend / rules

27 Jun, 2020 1 commit

Move MicrosoftVisualCV80 rule from packer.yar to packer_complier_signatures.yar… · 0de1aee4

Move MicrosoftVisualCV80 rule from packer.yar to packer_complier_signatures.yar replacing the commented out rule.

Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>

authored Jun 27, 2020

0de1aee4 Browse Files

21 Jun, 2020 7 commits
- Index updated · be978081
  yararules authored Jun 21, 2020
  
  be978081 Browse Files
- Merge pull request #361 from wesinator/patch-1 · 396f1f86
```
fix blackhole php regex
```
  Jaume Martin authored Jun 22, 2020
  396f1f86 Browse Files
- Merge pull request #377 from baderj/asyncrat · 84fcc938
```
new yara rule for AsyncRAT
```
  Jaume Martin authored Jun 22, 2020
  84fcc938 Browse Files
- Merge pull request #378 from Nishan8583/master · 3ea8928a
```
Snake Ransomware yara rule
```
  Jaume Martin authored Jun 22, 2020
  3ea8928a Browse Files
- Merge pull request #379 from spaddex/master · a8fbcc4c
```
Renamed poetRAT to avoid dupes + adjusted criteria
```
  Jaume Martin authored Jun 22, 2020
  a8fbcc4c Browse Files
- Index updated · b5a4ec3f
  yararules authored Jun 21, 2020
  
  b5a4ec3f Browse Files
- Merge pull request #381 from RandomRhythm/master · f5202d61
```
add .yar extension to the following email rules and add to indexes:
```
  Jaume Martin authored Jun 21, 2020
  f5202d61 Browse Files
10 Jun, 2020 1 commit

add .yar extension to the following rules and add to indexes: · 1a3d2425

Email_fake_it_maintenance_bulletin
Email_generic_phishing.yar
Email_quota_limit_warning.yar

Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>

authored Jun 09, 2020

1a3d2425 Browse Files

23 May, 2020 1 commit

Renamed poetRAT to avoid dupes + adjusted critera · 4c8e2a5f

The regex for RAT_PoetRATPython was generating false positives. Adjusted
rule to need hits on at least 3 of the strings

authored May 23, 2020

4c8e2a5f Browse Files

15 May, 2020 1 commit
- Snake Ransomware yara rule · 2d9f8ffe
  Nishan8583 authored May 15, 2020
  
  2d9f8ffe Browse Files
14 May, 2020 1 commit
- new yara rule for AsyncRAT · fa6941b0
  Johannes Bader authored May 14, 2020
  
  fa6941b0 Browse Files
12 May, 2020 3 commits
- Index updated · a1005b74
  yararules authored May 12, 2020
  
  a1005b74 Browse Files
- Merge pull request #376 from milannshrestha/patch-2 · cf7bc5e0
```
Create extortion_email.yar
```
  Jaume Martin authored May 12, 2020
  cf7bc5e0 Browse Files
- Create extortion_email.yar · a079d8ba
  Milann SHRESTHA authored May 12, 2020
  
  a079d8ba Browse Files
07 May, 2020 3 commits
- Index updated · eec22d25
  yararules authored May 07, 2020
  
  eec22d25 Browse Files
- Merge pull request #373 from Nishan8583/master · d72154be
```
Poet Rat Rules
```
  Jaume Martin authored May 07, 2020
  d72154be Browse Files
- Rules updated to be more focused on the malware as requested · 35db229a
  Nishan8583 authored May 07, 2020
  
  35db229a Browse Files
06 May, 2020 6 commits
- Merge pull request #375 from sylvainpelissier/keccak · b219ed24
```
Add SHA3 (Keccak) round constants
```
  Jaume Martin authored May 06, 2020
  b219ed24 Browse Files
- Add SHA3 (Keccak) round constants · 960b0cd6
  Sylvain Pelissier authored May 06, 2020
  
  960b0cd6 Browse Files
- Index updated · 8b93f1fd
  yararules authored May 06, 2020
  
  8b93f1fd Browse Files
- Merge pull request #374 from unamuno/patch-1 · 11c76bf5
```
Add ipv6 support
```
  Jaume Martin authored May 06, 2020
  11c76bf5 Browse Files
- Add ipv6 support · e121fffc
```
The IP Rule is lacking IPv6 support.
```
  Merlin authored May 06, 2020
  e121fffc Browse Files
- Poet Rat Rules · 39a0cc1e
  Nishan8583 authored May 06, 2020
  
  39a0cc1e Browse Files
20 Apr, 2020 1 commit
- Merge remote-tracking branch 'upstream/master' into patch-1 · 842dd653
  wesinator authored Apr 20, 2020
  
  842dd653 Browse Files
24 Feb, 2020 3 commits
- Renamed Njrat to Njrat2 in terms to avoid conflicts · 2bb79cb6
  Jaume Martin authored Feb 24, 2020
  
  2bb79cb6 Browse Files
- Index updated · 51ce0043
  yararules authored Feb 24, 2020
  
  51ce0043 Browse Files
- Merge pull request #371 from utkonos/patch-1 · 10baa7ef
```
Add detection for hex encoded text PEs
```
  Jaume Martin authored Feb 24, 2020
  10baa7ef Browse Files
01 Feb, 2020 1 commit

Add detection for hex encoded text PEs · 6d3fa171

References:
https://blog.reversinglabs.com/blog/rats-in-the-library
https://twitter.com/ItsReallyNick/status/1222985472139579392

authored Feb 01, 2020

6d3fa171 Browse Files

27 Jan, 2020 3 commits
- Merge pull request #356 from utkonos/master · 00994cbf
```
Replace all 2+ byte wildcards with jumps
```
  Jaume Martin authored Jan 27, 2020
  00994cbf Browse Files
- Index updated · b6a1f8ca
  yararules authored Jan 27, 2020
  
  b6a1f8ca Browse Files
- Merge pull request #369 from sylvainpelissier/master · b5e782c4
```
Add signature for some known elliptic curve orders
```
  Jaume Martin authored Jan 27, 2020
  b5e782c4 Browse Files
18 Jan, 2020 3 commits
- Index updated · a7bcbb7b
  yararules authored Jan 18, 2020
  
  a7bcbb7b Browse Files
- Merge pull request #368 from knowmalware/move_to_capabilities2 · 87e9b46f
```
Move more generic rules to capabilities category.
```
  Jaume Martin authored Jan 18, 2020
  87e9b46f Browse Files
- Merge branch 'master' of github.com:Yara-Rules/rules · d9dec500
  Malware Utkonos authored Jan 18, 2020
  
  d9dec500 Browse Files
17 Jan, 2020 2 commits
- Add signature for some known elliptic curve orders · f5642056
  Sylvain authored Jan 17, 2020
  
  f5642056 Browse Files
- Move more generic rules to capabilities category. · d2bc685a
  Frank Poz authored Jan 17, 2020
  
  d2bc685a Browse Files
16 Jan, 2020 3 commits
- Index updated · fd3351aa
  yararules authored Jan 16, 2020
  
  fd3351aa Browse Files
- Update main.yml · 8001d704
  Jaume Martin authored Jan 16, 2020
  
  8001d704 Browse Files
- Update main.yml · af2fcb75
  Jaume Martin authored Jan 16, 2020
  
  af2fcb75 Browse Files