Skip to content

Update gen_xor_hunting.yar #752

Update gen_xor_hunting.yar

Update gen_xor_hunting.yar #752

Workflow file for this run

# This workflow assembles all Yara rules into a single file
name: Assemble Yara
on:
push:
branches:
- master
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checks-out the repository under $GITHUB_WORKSPACE
- name: Check-out the repository
uses: actions/checkout@v2
# Assemble all *.yar files (except those requiring external variables)
- name: Assemble all Yara files
run: "for f in $GITHUB_WORKSPACE/yara/*.yar; do if [[ (\"${f##*/}\" != \"generic_anomalies.yar\") && (\"${f##*/}\" != \"general_cloaking.yar\") && (\"${f##*/}\" != \"gen_webshells_ext_vars.yar\") && (\"${f##*/}\" != \"thor_inverse_matches.yar\") && (\"${f##*/}\" != \"yara_mixed_ext_vars.yar\") && (\"${f##*/}\" != \"configured_vulns_ext_vars.yar\") && (\"${f##*/}\" != \"gen_fake_amsi_dll.yar\") && (\"${f##*/}\" != \"expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar\") && (\"${f##*/}\" != \"yara-rules_vuln_drivers_strict_renamed.yar\") ]]; then cat $f >> signature-base.yar; fi;done"
# Upload the assembled Yara artifact
- name: Upload the resulting Yara artifact
uses: actions/upload-artifact@v4
with:
name: signature-base.yar
path: signature-base.yar