
YARA rules download: The best YARA rules for Malware Analysis and Detection

YARA rules are used to identify and classify malware by the strings and byte patterns it contains, and using YARA is simple and straightforward. That ease of use has allowed the community to create hundreds of YARA rules which identify specific malicious binaries and threats. But here comes the tough part: there are tons of sources where you can find and download YARA rules.

A lot of YARA rules can be found on GitHub, but there are also private environments which share YARA rules. So, to make it easy to keep track of those environments, we have listed the places where you can find and download YARA rules.

But we have done more for you: you can also create YARA rules yourself. To help you fully understand what YARA rules actually are, we have also listed some awesome websites which teach you the full capabilities of YARA and how you can write your own YARA rules within minutes.

The basics of YARA

A YARA rule is a set of strings (plain text, hex byte patterns or regular expressions) plus a Boolean condition over them; together they describe the signature of the malware you are trying to identify. For example, the DarkComet RAT creates a mutex whose name starts with DC_MUTEX- when it runs on a machine. To identify DarkComet with YARA, you define a string that matches DC_MUTEX- and a condition that requires that string to be present in the scanned file.

See the DarkComet YARA rule here
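Here is what such a rule looks like in practice. This is an added example written for this article, not the DarkComet.yar rule from the GitHub list below; the only indicator it relies on is the DC_MUTEX- mutex-name prefix described above, and the rule name, tags and meta fields are illustrative choices.

```yara
/*
  Added example rule for this article. It is NOT the DarkComet.yar rule
  from the GitHub list; the rule name, tags and meta values are made up
  for illustration. The single indicator is the DC_MUTEX- prefix.
*/
rule DarkComet_Mutex_Prefix : rat darkcomet
{
    meta:
        description = "PE file containing the DarkComet DC_MUTEX- mutex-name prefix"
        author      = "example rule, not the original DarkComet.yar author"
        reference   = "'The basics of YARA' section of this article"

    strings:
        // The mutex name as it is embedded in the binary. 'ascii' matches
        // the plain byte string; 'wide' also matches the UTF-16LE form
        // that Windows Unicode APIs such as CreateMutexW use.
        $mutex = "DC_MUTEX-" ascii wide

    condition:
        // Require the PE 'MZ' magic (0x4D 0x5A, read little-endian as
        // 0x5A4D) at offset 0 so the rule only fires on executables and
        // not on reports or text files that merely quote the name.
        // Drop this clause when scanning process memory dumps.
        uint16(0) == 0x5A4D and $mutex
}
```

Save the rule as darkcomet_example.yar and run `yara -r darkcomet_example.yar /path/to/samples`; every matching file is printed together with the rule name. Two caveats a practitioner should keep in mind: a nine-byte prefix on its own is a weak signature (any tool or document that embeds the string will match, which is why the PE header check is there), and a packed DarkComet sample will not contain the string until it is unpacked, so scan the unpacked binary or the running process memory rather than the packed file on disk.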

YARA rules for APT attacks

An awesome example of the use of YARA rules is the APT1 YARA rule (APT1.yar). This rule contains signatures which allow you to identify attacks and malware attributed to the Chinese threat actor "Unit 61398", the group Mandiant named APT1 in its 2013 report.

Unit 61398 is part of the PLA (People's Liberation Army). The group is also known as "Comment Crew" because of a technique used in their attacks: command and control data is hidden inside HTML comments on web pages that the malware fetches.

Download the APT1 YARA rule directly.

Environments where you can find YARA rules

Environments where you can learn how to work with YARA and how to create YARA rules

Download YARA rules directly from GitHub

APT1.yar
APT3102.yar
APT9002.yar
APT_APT17.yar
APT_CVE2015_5119.yar
APT_Carbanak2.yar
APT_Careto.yar
APT_CheshireCat.yar
APT_Cloudduke.yar
APT_DeputyDog_Fexel.yar
APT_Derusbi.yar
APT_Duqu2.yar
APT_HackingTeam.yar
APT_Hellsing.yar
APT_Hikit.yar
APT_Irontiger_Trendmicro.yar
APT_Kaba.yar
APT_Laudanum_Webshells.yar
APT_LotusBlossom.yar
APT_Minidionis.yar
APT_Mirage.yar
APT_Molerats.yar
APT_Mongall.yar
APT_NGO_wuaclt.yar
APT_OLE_JSRat.yar
APT_OPCleaver.yar
APT_Regin.yar
APT_Seaduke_Unit42.yar
APT_Sofacy_xtunnel_bundestag.yar
APT_Sphinx_Moth.yar
APT_Terracota.yar
APT_Terracota_Liudoor.yar
APT_WildNeutron.yar
APT_Winnti.yar
APT_alienspy_RAT.yar
APT_backspace.yar
APT_bluetermite_emdivi.yar
APT_c16.yar
APT_indetectables_RAT.yar
APT_irontiger.yar
APT_korplug_fast.yar
APT_passthehashtoolkit.yar
APT_pcclient.yar
APT_putterpanda.yar
APT_quarkspwdump.yar
APT_threatgroup_3390.yar
APT_unit78020_malware.yar
Adzok_RAT.yar
Alina.yar
Andromeda.yar
Anthem_DeepPanda.yar
Athena.yar
Babar.yar
Backdoor_WinntiPharma.yar
Bangat.yar
BlackEnergy.yar
BlackShades.yar
BlackWorm.yar
Bolonyokte.yar
Boouset.yar
Bozok.yar
Bublik_downloader.yar
CRIME_Shifu_trojan.yar
Casper.yar
Cerberus.yar
Citadel.yar
Cookies.yar
Crime_Fareit.yar
Crimson_RAT.yar
CyberGate.yar
Cythosia.yar
DRIDEX_phish_gina_dec15.yar
DarkComet.yar
Dexter.yar
DiamondFox.yar
Dridex.yar
EXPERIMENTAL_Beef_Hooked.yar
EXPERIMENTAL_Beef_pretty_theft.yar
Enfal.yar
Equation.yar
Exploit_CVE_2015_2426.yar
Ezcob.yar
F0xy.yar
FakeM.yar
FinSpy.yar
FiveEyes.yar
FlyingKitten.yar
Genome.yar
Gh0st.yar
Gholee.yar
GlassRAT.yar
Glasses.yar
Grozlex.yar
HackTools.yar
Havex.yar
Havex_Memdump.yar
IMuler.yar
Install11.yar
Intel_Virtualization.yar
KINS.yar
Kelihos.yar
KeyBoy.yar
LURK0.yar
Lenovo_superfish.yar
Leverage.yar
LinuxMoose.yar
LostDoor.yar
LuckyCat.yar
MacControl.yar
Mailers.yar
Miancha.yar
Miscelanea.yar
Miscelanea_Linux.yar
Miscelanea_RTF.yar
NSFree.yar
Naikon.yar
NetTraveler.yar
Njrat.yar
Notepad.yar
Olyx.yar
OpClandestineWolf.yar
Opcleaver.yar
Operation_Potao.yar
POS.yar
POS_Easterjack.yar
POS_LogPOS.yar
POS_MalumPOS.yar
POS_bernhardPos.yar
PlugX.yar
PoisonIvy.yar
Pony.yar
PubSab.yar
Quarian.yar
RAT_Sakula.yar
RAT_Terminator.yar
RCS.yar
Ransomware.yar
Regsubdat.yar
Rooter.yar
Safenet.yar
Sayad.yar
Scarhikn.yar
Scieron.yar
ShadowTech.yar
Shamoon.yar
Skeleton.yar
Stealer.yar
Surtr.yar
T5000.yar
Turla.yar
Urausy.yar
Vidgrab.yar
W32_NionSpy.yar
Wabot.yar
Warp.yar
Waterbug.yar
Webshell-shell.yar
Wimmie.yar
Win32_Buzus_Softpulse.yar
WoolenGoldfish.yar
XOR_DDosv1.yar
Xtreme.yar
YahLover.yar
Yayih.yar
Zegost.yar
Zeus.yar
ZoxPNG.yar
backoff.yar
crime_upatre_oct15.yar
cxpid.yar
dubrute.yar
exploit_cve_2015_1701.yar
exploit_uac_elevators.yar
favorite.yar
general_cloaking.yar
iexpl0ree.yar
inocnation.yar
jRAT.yar
js_obfuscator.yar
kraken_bot1.yar
mozart.yar
naspyupdate.yar
netwiredRC.yar
ponmocup_plugin_memory.yar
rovnix_downloader_sinkhole_check.yar
sqlite.yar
ssh_backdoor.yar
tedroo.yar
tox.yar
windigo-onimiki.yar
wineggdrop.yar
xRAT.yar
xRAT20.yar

http://cyberwarzone.com/yara-rules-download-the-best-yara-rules-for-malware-analysis-and-detection/