#100DaysOfYara #R7_Labs
BruteRatel detection based on anti-debugging and anti-hooking techniques along with some NT function hashes.

github.com/rapid7/Rapid7-…

#100DaysOfYara Day 14:
Another rule for a #UnprotectProject technique. This rule targets the Right-To-Left (RLO) extension spoofing technique.This spoofing also works on VT but only in the GUI, the URL shows the actual file %E2%80%AEfdp.exe

E2 80 AE are the bytes encoding the…

🎯 Hunt unique #AdWind samples #100DaysofYARA

💫 Would you like to develop threat hunting #YARA rules?

📌 Here is an example of how you can do it for the unknown samples of AdWind ( #AlienSpy ), a Java-based #MaaS with remote access capabilities.

✍️ Just follow these steps:

1⃣…

#100DaysOfYara #R7_Labs
Here is a YARA rule to hunt for a new #AtlantidaStealer
github.com/rapid7/Rapid7-…

checkout the analysis rapid7.com/blog/post/2024…

#100DaysofYARA Day21:

this rule detects the unpacked version of #CryptBot Stealer

rule -> github.com/FarghlyMal/Yar…

Follow us for a fun/low effort way of learning/practicing Yara 🥳

Complete the rule #100DaysOfYara #Daily7

kc7cyber.com/go/daily7

#100daysofYARA I use a similar technique to this querying logs remotely as the rule can then return the whole line for context instead of just the string hit.
Here is a an example looking for a line hit adding in anchors at beginning and end targeting access logs.
Pretty much…

#100DaysOfYara Day 16:
Today I wrote a rule for the PyArmor python obfuscator. A simple rule checking for common strings used by the obfuscators runtime. Also contributing this to #UnprotectProject

github.com/cod3nym/detect…

#100DaysOfYara
I have lost count of how many days have passed but here is the Yara rule for #NarniaRAT from the #BotnetFenix campaign
Rule: github.com/RussianPanda95…

I stopped the #100daysofYara 🙈 because I got swamped with other work & life but during my stint with the challenge, I released YaraToolkit and DocYara (which, let's just say, took me quite some time to create). 🤓

🛠️YaraToolkit is your all-in-one Yara go-to spot 🌟—from…

All of my #YARA rules from the 100DaysofYARA challenge are copied over to my new YARA GitHub repo and also renamed the rule files for easier identification 🐧

Link to Repo: github.com/RustyNoob-619/…

I plan to keep adding to this repo and building it up over the year 💪

#100daysofyara I got really excited for a second.

Thanks Greg Lesnewich for my new favorite mug!! What and awesome way to close out #100DaysofYara . The real reward was the rules you made along the way though, eh?

This is my first contribution to #100DaysOfYARA
𝐃𝐚𝐲 𝟭𝟬: My rule detects 𝗠𝗼𝗿𝘁𝗶𝘀 𝗟𝗼𝗰𝗸𝗲𝗿 ransomware that was first discovered on 29 September 2023 by Gameel Ali 🤘
m4lcode.github.io/malware%20anal…

Introduction to YARA - Part 4
Writing Efficient YARA Rules

#100DaysOfYara

wrote a lil helper binja script to clean up the __cstring section of a macho file!

its not always perfect but it generally makes the rev experience nicer (esp for those grinding #100DaysOfYara 🫡)

gist.github.com/ald3ns/bc3bcc6…

#100DaysOfYara Day 17 - generic dropper detection. github.com/Johnnyd4251/10…

I have created a YARA rule to detect binaries that are signed with a potentially compromised AnyDesk signing certificate

(if the PE header info isn't AnyDesk -> other binaries signed with the compromised cert)

#100DaysOfYARA #AnyDesk
github.com/Neo23x0/signat…

#YARA siganture for #PikaBot #malware quickly generated with #binlex . Enjoy! 😘 #100daysofyara
gist.github.com/c3rb3ru5d3d53c…
github.com/c3rb3ru5d3d53c…

Just completed Yara For Security Analysts! Such an amazing course I'd recommend for anyone looking to learn more about malware analysis and detection!

Thanks for the awesome content Steve YARA Synapse Miller

#100daysofyara
networkdefense.io/library/yara-f…