ruppde/yara_rules

Arnim's YARA rules

capa2yara

See capa2yara

Webshells

This is the dev repo for my webshell YARA rules in https://github.com/Neo23x0/signature-base/blob/master/yara/gen_webshells.yar

Since the rules are included in THOR, they run on every VirusTotal upload, which produces dozens of matches per day:

Most of the rules are also active on Malware-Bazaar, e.g.

C# red team tools

YARA rules that find hack tools via their C# assembly GUIDs. Easily bypassed, but not everybody makes the effort :)

VT matches of all rules: https://www.virustotal.com/gui/search/sharp%2520guid/comments

Matches for a single rule can be found by searching for the lower-case name of the rule, e.g. for HKTL_NET_GUID_C_Sharp_R_A_T_Client: https://www.virustotal.com/gui/search/hktl_net_guid_c_sharp_r_a_t_client/comments
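As an added illustration (not code from this repository), here is the shape such a GUID rule takes and a pure-Python stand-in for its condition, so the check can be exercised without yara-python. The GUID, the rule name, the description and the sample bytes are all constructed for the example; the sample is a minimal PE stub, not a real assembly. The "rebuilt with a new GUID" case shows the limitation the README points out: the rule has no coverage once the tool is recompiled with a different GUID, so it belongs beside behavioural or import-based rules rather than replacing them.

```python
"""Build a GUID-based YARA rule for a .NET tool and emulate its condition.

Added illustration, not part of ruppde/yara_rules. The GUID, rule name and
sample bytes below are constructed for the example.
"""
import re
import struct

# Constructed GUID, in the form written in AssemblyInfo.cs: [assembly: Guid("...")]
EXAMPLE_GUID = "12345678-abcd-4ef0-9abc-def012345678"
# A second constructed GUID, standing in for a recompiled build of the same tool.
OTHER_GUID = "0badf00d-1111-4222-8333-444455556666"

GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def make_guid_rule(rule_name: str, guid: str, description: str) -> str:
    """Render a rule in the style of the HKTL_NET_GUID_* rules.

    The GUID string survives compilation inside the assembly metadata, so the
    rule looks for it in both cases, ASCII and UTF-16LE, but only in a PE file
    (MZ at 0, PE\\0\\0 at e_lfanew) so that source files and scripts that
    merely mention the GUID do not match.
    """
    if not GUID_RE.match(guid):
        raise ValueError(f"not a GUID: {guid!r}")
    lo = guid.lower()
    return f"""rule {rule_name} {{
    meta:
        description = "{description}"
    strings:
        $typelibguid0lo = "{lo}" ascii wide
        $typelibguid0up = "{lo.upper()}" ascii wide
    condition:
        (uint16(0) == 0x5a4d and uint32(uint32(0x3c)) == 0x00004550) and any of them
}}
"""


def is_pe(data: bytes) -> bool:
    """Pure-Python equivalent of the rule's header test."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def guid_matches(data: bytes, guid: str) -> bool:
    """Pure-Python equivalent of the rule's string test ('any of them', ascii/wide)."""
    if not is_pe(data):
        return False
    for variant in (guid.lower(), guid.upper()):
        if variant.encode("ascii") in data or variant.encode("utf-16-le") in data:
            return True
    return False


def build_sample(guid: str, wide: bool = True) -> bytes:
    """Constructed stand-in for an assembly: DOS stub, PE signature, GUID string.

    Not loadable; just enough bytes for the checks above to look at.
    """
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)  # e_lfanew -> PE signature at 0x80
    guid_bytes = guid.encode("utf-16-le" if wide else "ascii")
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 16 + guid_bytes + b"\x00" * 16


if __name__ == "__main__":
    print(make_guid_rule("HKTL_NET_GUID_Example_Tool", EXAMPLE_GUID,
                         "Constructed example of a C# GUID rule"))
    print("wide string      :", guid_matches(build_sample(EXAMPLE_GUID), EXAMPLE_GUID))
    print("ascii, upper case:", guid_matches(build_sample(EXAMPLE_GUID.upper(), wide=False), EXAMPLE_GUID))
    print("rebuilt, new GUID:", guid_matches(build_sample(OTHER_GUID), EXAMPLE_GUID))
    print("not a PE         :", guid_matches(EXAMPLE_GUID.encode(), EXAMPLE_GUID))
```

Running the script prints the rendered rule followed by the four checks: the first two are True, the last two False. The generated rule text can be fed to the yara CLI or yara-python unchanged.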

On Malware-Bazaar by rulename, e.g.:
