A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Type Name Latest commit message Commit time
Adobe_Flash_DRM_Use_After_Free.rule Update Adobe_Flash_DRM_Use_After_Free.rule Feb 25, 2018
AgentTesla.rule Create AgentTesla.rule May 22, 2018
CVE_2018_4878_0day_ITW.rule
Embedded_PE.rule added embedded pe detection rule Sep 6, 2018
Excel_Hidden_Macro_Sheet.rule added sigs for http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky… Jan 29, 2019
Executable_Converted_to_MSI.rule
Hidden_Bee_Elements.rule Update Hidden_Bee_Elements.rule Sep 5, 2018
IQY_File.rule Update IQY_File.rule Aug 23, 2018
IQY_File_With_Pivot_Extension_URL.rule IQY hunting (release with blog) Aug 22, 2018
IQY_File_With_Suspicious_URL.rule
LICENSE Initial commit Oct 11, 2017
MSIExec_Pivot.rule added sigs for http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky… Jan 29, 2019
Microsoft_Office_DDE_Command_Execution.rule added QUOTE obfuscation Jan 9, 2018
Microsoft_Office_Document_with_Embedded_Flash_File.rule small mods Feb 8, 2018
NTLM_Credentials_Theft_via_PDF_Files.rule Update NTLM_Credentials_Theft_via_PDF_Files.rule May 8, 2018
PDF_Document_with_Embedded_IQY_File.rule Create PDF_Document_with_Embedded_IQY_File.rule Oct 22, 2018
README.md added sigs for http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky… Jan 29, 2019
RTF_Byte_Nibble_Obfuscation.rule Update RTF_Byte_Nibble_Obfuscation.rule Jul 31, 2018

README.md

yara-rules

A collection of YARA rules we wish to share with the world. These rules should not be considered production appropriate. Rather, they are valuable for research and hunting purposes. The rules are listed here, alphabetically, along with references for further reading: