Skip to content

Latest commit

 

History

History
40 lines (26 loc) · 1.75 KB

README.md

File metadata and controls

40 lines (26 loc) · 1.75 KB

Simple-Yara-rules

GitHub version License: MIT Awesome

What is YARA-Rules?

Yara

YARA rules are like a piece of programming language, they work by defining a number of variables that contain patterns found in a sample of malware. If some or all of the conditions are met, depending on the rule, then it can be used to successfully identify a piece of malware.

Requirements

Yara version 3.0 or higher is required for most of our rules to work. This is mainly due to the use of the "pe" module introduced in that version.

You can check your installed version with:

yara -v

Packages available in Ubuntu 14.04 LTS default repositories are too old. You can alternatively install from source or use the packages available in the Remnux repository.

Also, you will need Androguard Module if you want to use the rules in the 'mobile_malware' category.

Description own rules

We have deprecated mobile_malware rules that depend on Androguard Module because it seems an abandoned project. Check binaries and categorize malware by class. It's simple yara-rules which detect some suspicious strings into binaries by specified class.

These rules check following malware categorizations:

  • BBSRAT;
  • KeyLogger;
  • BackDoor;
  • MSOProtect;
  • Trojan;
  • Exploit;
  • Generic.