A collection of Yara rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
| File | Last commit | Date |
| --- | --- | --- |
| Adobe_Flash_DRM_Use_After_Free.rule | Update Adobe_Flash_DRM_Use_After_Free.rule | Feb 25, 2018 |
| AgentTesla.rule | Create AgentTesla.rule | May 22, 2018 |
| CVE_2018_4878_0day_ITW.rule | FP reduction on sample 2a75ff1acdf9141bfb836343f94f4a73b8c64b226b0e2a… | Feb 13, 2018 |
| Embedded_PE.rule | added embedded pe detection rule | Sep 6, 2018 |
| Hidden_Bee_Elements.rule | Update Hidden_Bee_Elements.rule | Sep 5, 2018 |
| IQY_File.rule | Update IQY_File.rule | Aug 23, 2018 |
| IQY_File_With_Pivot_Extension_URL.rule | IQY hunting (release with blog) | Aug 22, 2018 |
| IQY_File_With_Suspicious_URL.rule | IQY hunting (release with blog) | Aug 22, 2018 |
| LICENSE | | |
| Microsoft_Office_DDE_Command_Execution.rule | added QUOTE obfuscation | Jan 9, 2018 |
| Microsoft_Office_Document_with_Embedded_Flash_File.rule | small mods | Feb 8, 2018 |
| NTLM_Credentials_Theft_via_PDF_Files.rule | Update NTLM_Credentials_Theft_via_PDF_Files.rule | May 8, 2018 |
| PDF_Document_with_Embedded_IQY_File.rule | Create PDF_Document_with_Embedded_IQY_File.rule | Oct 22, 2018 |
| README.md | added embedded pe detection rule | Sep 6, 2018 |
| RTF_Byte_Nibble_Obfuscation.rule | Update RTF_Byte_Nibble_Obfuscation.rule | Jul 31, 2018 |

README.md

yara-rules

A collection of YARA rules we wish to share with the world. These rules should not be considered production-appropriate: they are written broadly, to surface suspicious files rather than to avoid every false positive. Rather, they are valuable for research and hunting purposes. The rules are listed here, alphabetically, along with references for further reading:
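To make the "hunting, not production" distinction concrete, here is a rule of the same flavour as the embedded-PE detection in this repository. It is an added example written for this page, not a rule taken from the repository, and the rule name, meta fields and exact condition are this example's own choices. It flags any file that carries a second PE image after offset 0 by looking for a DOS `MZ` header whose `e_lfanew` field (at `MZ+0x3c`) points at a `PE\0\0` signature:

```yara
// Added example, not a rule from the InQuest repository.
// Flags files that contain a PE image somewhere after offset 0:
// a DOS "MZ" header whose e_lfanew points at a "PE\0\0" signature.
rule Hunt_Embedded_PE_Example
{
    meta:
        description = "PE image at a non-zero offset (hunting grade: expect hits on installers, SFX archives, overlays)"
        author = "added example for this page"

    strings:
        // Two-byte atom: YARA will warn that it may slow scanning. Acceptable
        // for a hunting rule run over a bounded corpus, not for inline production use.
        $mz = "MZ"

    condition:
        for any i in (1..#mz) : (
            // Skip the file's own header at offset 0; we want an *embedded* image.
            @mz[i] != 0 and
            // e_lfanew is the uint32 at MZ+0x3c; "PE\0\0" is 0x00004550 little-endian.
            // uint32() reads beyond EOF evaluate to undefined, so a bogus e_lfanew
            // simply makes this comparison false rather than erroring out.
            uint32(@mz[i] + uint32(@mz[i] + 0x3c)) == 0x00004550
        )
}
```

This is exactly the kind of rule the README is warning about: it is structurally correct and cheap to write, but legitimate installers, self-extracting archives and signed binaries with overlays all embed PE images, so it yields a candidate list for an analyst rather than a verdict. Run it with `yara -s` against a sample set to see which `$mz` offsets fired, then tighten the condition (section-table sanity checks, filetype pairing such as "Office document containing a PE") before considering it for any automated pipeline.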