#100DaysOfYara Day 14:
Another rule for a #UnprotectProject technique. This rule targets the Right-To-Left (RLO) extension spoofing technique. This spoofing also works on VT but only in the GUI, the URL shows the actual file %E2%80%AEfdp.exe
E2 80 AE are the bytes encoding the…
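As an added example (my own illustration, not code from the original post or from the Unprotect Project), the check below takes a filename either as it sits on disk or as the percent-encoded form seen in a URL such as %E2%80%AEfdp.exe, decodes it, reports any Unicode bidirectional override characters (U+202E is the RLO byte sequence E2 80 AE in UTF-8), and reconstructs the name a user would visually see so the displayed and actual extensions can be compared. The rendering step is a deliberate simplification (a single RLO with the tail reversed) rather than the full Unicode bidi algorithm.

```python
"""Detect Right-to-Left Override (RLO) filename spoofing.

Added example, not part of the original post. Given a filename as stored
on disk or as a percent-encoded URL component, report any Unicode bidi
override characters and show the name a user would visually see.
"""
from urllib.parse import unquote

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
RLO = "\u202e"  # UTF-8 bytes E2 80 AE


def decode_name(name: str) -> str:
    """Percent-decode a URL path component (the VT URL shows %E2%80%AE...).
    Assumption: the input is either a plain name or a percent-encoded one."""
    return unquote(name)


def find_bidi_controls(name: str) -> list:
    """Return (index, control-name) pairs for every bidi control in the name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def apparent_name(name: str) -> str:
    """Approximate what a renderer shows: text after an RLO is drawn
    right-to-left, i.e. reversed, until the end of the string.
    Constructed simplification: one RLO and no other bidi controls."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    return head + tail[::-1]


def extension(name: str) -> str:
    """Lower-cased text after the final dot, or '' if there is none."""
    parts = name.rsplit(".", 1)
    return parts[1].lower() if len(parts) == 2 else ""


def assess(raw: str) -> dict:
    """Compare the displayed extension with the real one and flag a mismatch."""
    name = decode_name(raw)
    controls = find_bidi_controls(name)
    shown = apparent_name(name)
    return {
        "actual_name": name,
        "displayed_name": shown,
        "actual_extension": extension(name),
        "displayed_extension": extension(shown),
        "bidi_controls": controls,
        "spoofed": bool(controls) and extension(name) != extension(shown),
    }


if __name__ == "__main__":
    for sample in ("%E2%80%AEfdp.exe", "invoice_\u202efdp.exe", "report.pdf"):
        print(assess(sample))
```

The same byte sequence is what a YARA rule would look for (`{ E2 80 AE }` in a filename or an embedded path); the Python version is only here to make the displayed-versus-actual mismatch visible.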
#100DaysOfYara #R7_Labs
Here is a YARA rule to hunt for a new #AtlantidaStealer
github.com/rapid7/Rapid7-…
checkout the analysis rapid7.com/blog/post/2024…
#100daysofYARA I use a similar technique to this querying logs remotely as the rule can then return the whole line for context instead of just the string hit.
Here is an example looking for a line hit adding in anchors at beginning and end targeting access logs.
Pretty much…
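The anchoring idea in the post above, as an added illustration in Python rather than the author's own rule: an unanchored pattern matches only the string itself, while `^.*needle.*$` with multiline mode matches the whole access-log line, which gives the source IP, timestamp and request alongside the hit. The log lines are constructed sample data in Apache combined format, and the needle (a scanner user agent) is my own choice.

```python
"""Anchored log-line matching: return the whole line, not just the string hit.

Added example, not code from the original post. Constructed access-log
lines in Apache combined format; addresses are documentation ranges.
"""
import re

ACCESS_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:10:00:07 +0000] "GET /.env HTTP/1.1" 404 209 "-" "python-requests/2.31"
198.51.100.2 - - [10/Jan/2024:10:00:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:10:00:12 +0000] "GET /.git/config HTTP/1.1" 404 209 "-" "python-requests/2.31"
"""


def substring_hits(log: str, needle: str) -> list:
    """Unanchored search: each match covers only the needle itself."""
    return [m.group(0) for m in re.finditer(re.escape(needle), log)]


def line_hits(log: str, needle: str) -> list:
    """Anchored search: ^ and $ under MULTILINE extend the match to the
    enclosing line, so the caller gets full context for every hit."""
    pattern = re.compile(r"^.*" + re.escape(needle) + r".*$", re.MULTILINE)
    return [m.group(0) for m in pattern.finditer(log)]


def source_ips(lines: list) -> set:
    """Client address is the first field of a combined-format line."""
    return {line.split(" ", 1)[0] for line in lines}


if __name__ == "__main__":
    hits = line_hits(ACCESS_LOG, "python-requests")
    print("\n".join(hits))
    print("sources:", source_ips(hits))
```

`re.escape` keeps the needle literal, and because `.` does not cross newlines the anchored pattern can never swallow more than one line even on a large log.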
#100DaysOfYara Day 16:
Today I wrote a rule for the PyArmor Python obfuscator. A simple rule checking for common strings used by the obfuscator's runtime. Also contributing this to #UnprotectProject
github.com/cod3nym/detect…
#100DaysOfYara
I have lost count of how many days have passed but here is the Yara rule for #NarniaRAT from the #BotnetFenix campaign
Rule: github.com/RussianPanda95…
I stopped the #100daysofYara 🙈 because I got swamped with other work & life but during my stint with the challenge, I released YaraToolkit and DocYara (which, let's just say, took me quite some time to create). 🤓
🛠️YaraToolkit is your all-in-one Yara go-to spot 🌟—from…
Thanks Greg Lesnewich for my new favorite mug!! What an awesome way to close out #100DaysofYara. The real reward was the rules you made along the way though, eh?
This is my first contribution to #100DaysOfYARA
Day 10: My rule detects Mortis Locker ransomware that was first discovered on 29 September 2023 by Gameel Ali 🤘
m4lcode.github.io/malware%20anal…
wrote a lil helper binja script to clean up the __cstring section of a macho file!
it's not always perfect but it generally makes the rev experience nicer (esp for those grinding #100DaysOfYara 🫡)
gist.github.com/ald3ns/bc3bcc6…
Just completed Yara For Security Analysts! Such an amazing course I'd recommend for anyone looking to learn more about malware analysis and detection!
Thanks for the awesome content Steve YARA Synapse Miller
#100daysofyara
networkdefense.io/library/yara-f…