awesome-yara

A curated list of awesome YARA rules, tools, and people.

GitHub

4k stars
171 watching
486 forks
last commit: about 2 months ago
Linked from 9 awesome lists

awesomeawesome-listawesome-yaraiocmalware-analysismalware-detectionmalware-researchmalware-rulesthreat-huntingyarayara-manageryara-rulesyara-scanneryara-signatures

Awesome YARA / Guides

Yara Performance Guidelines 124 over 1 year ago
YARA-Style-Guide 35 8 months ago

Awesome YARA / Rules

AlienVault Labs Rules 509 almost 3 years ago

Awesome YARA / Rules / AlienVault Labs Rules

AlienVault Labs Collection of tools, signatures, and rules from the researchers at . Search the repo for .yar and .yara extensions to find about two dozen rules ranging from APT detection to generic sandbox / VM detection. Last updated in January of 2016

Awesome YARA / Rules

anyrun rules 11 11 days ago
Apple OSX
bartblaze YARA rules 323 about 2 months ago
BinaryAlert YARA Rules 1,405 10 months ago
Burp YARA Rules 43 over 2 years ago
BinSequencer 74 almost 3 years ago
CAPE Rules 1,924 1 day ago
CDI Rules 19 about 1 year ago

Awesome YARA / Rules / CDI Rules

CyberDefenses Collection of YARA rules released by for public use. Built from information in intelligence profiles, dossiers and file work

Awesome YARA / Rules

Citizen Lab Malware Signatures 132 almost 8 years ago
ConventionEngine Rules 37 over 1 year ago
Deadbits Rules 42 11 months ago

Awesome YARA / Rules / Deadbits Rules

Adam Swanda A collection of YARA rules made public by , Splunk's Principal Threat Intel. Analyst, from his own recent malware research

Awesome YARA / Rules

Delivr.to Detections 58 about 1 month ago
Didier Stevens Rules 1,979 about 1 month ago

Awesome YARA / Rules / Didier Stevens Rules

NVISO Labs Blog Collection of rules from Didier Stevens, author of a suite of tools for inspecting OLE/RTF/PDF. Didier's rules are worth scrutinizing and are generally written purposed towards hunting. New rules are frequently announced through the

Awesome YARA / Rules

Ditekshen Rules 202 8 days ago
Elastic Security YARA Rules 1,007 9 days ago
ESET IOCs 1,614 5 days ago

Awesome YARA / Rules / ESET IOCs

ESET WeLiveSecurity Blog Collection of YARA and Snort rules from IOCs collected by ESET researchers. There's about a dozen YARA Rules to glean from in this repo, search for file extension .yar. This repository is seemingly updated on a roughly monthly interval. New IOCs are often mentioned on the

Awesome YARA / Rules

Fidelis Rules
Filescan.io Rules 7 3 days ago
FireEye 2,645 7 months ago
Florian Roth Rules 2,457 3 days ago
Florian Roth's IDDQD Rule
f0wl yara_rules 10 over 2 years ago

Awesome YARA / Rules / f0wl yara_rules

https://dissectingmalwa.re/ A collection of Yara rules from blog posts

Awesome YARA / Rules

Frank Boldewin's Rules 61 over 1 year ago

Awesome YARA / Rules / Frank Boldewin's Rules

@r3c0nst A collection of YARA Rules from

Awesome YARA / Rules

FSF Rules 287 about 3 years ago
GoDaddy ProcFilter Rules 84 about 7 years ago
Google Cloud Threat Intelligence(GCTI) Rules 525 10 months ago
h3x2b Rules 23 about 1 month ago
HydraDragonAntivirus 37 7 days ago
Icewater Rules 379 over 5 years ago
imp0rtp3's Rules 18 almost 3 years ago
Intezer Rules 122 almost 3 years ago
InQuest Rules 363 over 2 years ago

Awesome YARA / Rules / InQuest Rules

InQuest Blog YARA rules published by InQuest researchers mostly geared towards threat hunting on Virus Total. Rules are updated as new samples are collected and novel pivots are discovered. The will often discuss new findings

Awesome YARA / Rules

jeFF0Falltrades Rules 29 23 days ago
kevthehermit Rules 51 over 8 years ago
Loginsoft Rules
lw-yara 102 over 3 years ago
ndaal_YARA_passwords_default
ndaal_YARA_passwords_weak
NCC Group Rules 474 almost 3 years ago
MalGamy's YARA_Rules 64 over 1 year ago
Malice.IO YARA Plugin Rules 30 about 5 years ago
Malpedia Auto Generated Rules
Malpedia Auto Generated Rules Repo 112 10 months ago
McAfee Advanced Threat Research IOCs 79 about 3 years ago
McAfee Advanced Threat Research Yara-Rules 563 10 months ago
mikesxrs YARA Rules Collection 330 6 months ago
Public YARA Rules 11 over 5 years ago
QuickSand Lite Rules 126 about 1 year ago
Rapid7-Labs 42 2 months ago
Rastrea2r 236 about 3 years ago
ReversingLabs YARA Rules 756 3 days ago
Securitymagic's YARA Rules 11 10 months ago
Sophos AI YaraML Rules 209 over 1 year ago
SpiderLabs Rules 244 about 8 years ago
StrangeRealIntel's Daily IOCs 310 10 months ago
t4d's PhishingKit-Yara-Rules 205 6 days ago
Telekom Security Malare Analysis Repository 110 10 months ago
Tenable Rules 60 almost 2 years ago
ThreatHunting-Keywords-yara-rules 77 23 days ago
TjadaNel Rules 9 over 5 years ago
VectraThreatLab Rules 19 almost 9 years ago
Volexity - Threat-Intel 313 2 months ago
x64dbg Signatures 84 over 5 years ago
YAIDS 21 almost 2 years ago
YARA-FORENSICS 135 about 4 years ago
YARA Forge
yara4pentesters 124 over 6 years ago
YaraRules Project Official Repo 4,146 6 months ago
Yara-Unprotect 25 almost 4 years ago

Awesome YARA / Rules / Yara-Unprotect

Unprotect Project

Awesome YARA / Tools

AirBnB BinaryAlert 1,405 10 months ago
alterix 15 23 days ago
androguard-yara 6 about 9 years ago
a-ray-grass 14 about 2 years ago

Awesome YARA / Tools / a-ray-grass

hashlookup.io YARA module that provides support for bloom filters in yara. In the context of , it allows to quickly discard known files before any further analysis

Awesome YARA / Tools

Arya- The Reverse YARA 240 almost 2 years ago
Audit Node Modules With YARA Rules 20 over 3 years ago
AutoYara 59 over 3 years ago
base64_substring 40 about 6 years ago
bincapz 407 4 days ago
CAPE: Config And Payload Extraction 1,924 1 day ago
CCCS-Yara 96 about 1 month ago
clara 32 5 months ago
Cloudina Security Hawk 20 about 1 month ago
CrowdStrike Feed Management System 129 almost 6 years ago
CSE-CST AssemblyLine

Awesome YARA / Tools / CSE-CST AssemblyLine

AssemblyLine The Canadian Communications Security Establishment (CSE) open sourced , a platform for analyzing malicious files. The component linked here provides an interface to YARA

Awesome YARA / Tools

decompressingyara 7 over 1 year ago
dnYara 36 over 1 year ago
ELAT 29 about 8 years ago
Emerson File Scanning Framework (FSF) 287 about 3 years ago
ExchangeFilter 20 about 3 years ago
factual-rules-generator 75 over 2 years ago
Fadavvi YARA collection script 26 about 1 year ago
FARA 48 9 months ago
Fastfinder 230 over 2 years ago
findcrypt-yara 1,330 5 months ago and
Fibratus

Awesome YARA / Tools / Fibratus

support for YARA A modern tool for Windows kernel exploration and observability with a focus on security and

Awesome YARA / Tools

Fnord 296 over 2 years ago
GoDaddy ProcFilter 397 over 4 years ago
go-yara 356 3 months ago
halogen 208 over 2 years ago
Hyara 222 6 months ago
IDA_scripts 12 almost 7 years ago
ida_yara 22 about 6 years ago
ida-yara-processor 28 over 5 years ago
InQuest ThreatKB 95 4 months ago
iocextract 500 about 1 month ago
Invoke-Yara
java2yara 3 over 2 years ago
KLara 695 3 months ago
Laika BOSS 736 over 1 year ago

Awesome YARA / Tools / Laika BOSS

Whitepaper 736 over 1 year ago

Awesome YARA / Tools

libyara.NET 51 2 months ago
Malcat
MalConfScan 481 10 months ago
malscan 12 over 6 years ago
Manalyzer Yara Validator
MISP Threat Sharing 5,309 1 day ago
MITRE MultiScanner 617 about 5 years ago
mkYARA 201 about 3 years ago
mquery 411 4 days ago
ndaal YARA ruleset checker

Awesome YARA / Tools / Nextron Systems OSS and Commercial Tools (Florian Roth: @Neo23x0)

Loki 3,364 7 months ago IOC and YARA rule scanner implemented in Python. Open source and free
THOR Lite IOC and YARA rule scanner implemented in Go. Closed source, free, but registration required

Awesome YARA / Tools

node-yara 13 over 3 years ago
ocaml-yara 5 2 months ago
OCYara 40 almost 6 years ago
osquery
PasteHunter 1,060 4 months ago
plast 17 about 4 years ago
plyara 173 4 months ago
Polichombr 374 over 5 years ago
PwC Cyber Threat Operations rtfsig 29 9 months ago
VirusTotalTools 35 over 6 years ago
shotgunyara 9 about 2 years ago
spyre 163 about 2 months ago
static_file_analysis 49 about 1 year ago
stoQ 394 over 2 years ago
Strelka 863 about 1 month ago
Sysmon EDR 217 over 3 years ago
SwishDbgExt 367 almost 6 years ago
ThreatIngestor 823 8 months ago
UXProtect
VTCodeSimilarity-YaraGen 96 about 4 years ago

Awesome YARA / Tools / VTCodeSimilarity-YaraGen

@arieljt Yara rule generator using VirusTotal code similarity feature written by

Awesome YARA / Tools

Vxsig 257 8 months ago
yabin 156 about 2 years ago
yaml2yara 22 over 4 years ago
YARA-CI
yaradbg-backend 24 9 months ago
yaradbg-frontend 37 9 months ago
yara-endpoint 104 over 6 years ago
YaraFileCheckerLib 2 over 2 years ago
YaraGenerator 329 over 8 years ago
YaraGen 35 about 7 years ago and
YaraGuardian 190 about 6 years ago
YaraHunter 1,236 5 days ago
yara-java 23 4 months ago
yaralyzer 103 7 months ago
yaramail
yaraMail 28 almost 5 years ago
Yara Malware Quick menu scanner 35 over 8 years ago
YaraManager 57 over 4 years ago
Yaramanager 65 almost 2 years ago ( )
yaramod 119 12 days ago
yarAnalyzer 358 over 1 year ago
yara-ocaml 11 almost 5 years ago
yara-parser 81 almost 2 years ago
yaraparser 8 about 4 years ago
yaraPCAP 100 about 11 years ago
yara-procdump-python 10 almost 7 years ago
yara-rust 76 16 days ago
yara-signator 153 about 2 years ago
YARA-sort 12 1 day ago

Awesome YARA / Tools / YARA-sort

blog Aggregate files into collections basd on YARA rules

Awesome YARA / Tools

Yara Python ICAP Server 57 about 3 years ago
yarasafe 100 over 4 years ago
Yara-Scanner 46 over 8 years ago
yarascanner 27 over 7 years ago
YaraSharp 35 over 2 years ago
Yara Toolkit
YaraStation 35 over 2 years ago
yara_tools 71 almost 6 years ago
Yara-Validator 39 about 4 years ago
yaraVT 5 almost 7 years ago
yara_zip_module 13 almost 2 years ago
yarg 25 about 4 years ago
yarGen 1,543 4 months ago
Yara Scanner 18 almost 2 years ago
Yarasilly2 28 4 months ago
yaya 261 10 months ago
YaYaGen 61 about 6 years ago
Yeti 1,724 1 day ago
yextend 297 over 2 years ago
yaraZeekAlert 60 10 months ago
yaraScanParser 11 over 3 years ago

Awesome YARA / Tools / yaraScanParser

Yara Scan Service Parsing tool for 's JSON output file

Awesome YARA / Tools

YARI 87 5 months ago
YLS 68 6 months ago
YMCA 3 over 2 years ago
Yobi 47 about 3 years ago
statiStrings 12 about 3 years ago

Awesome YARA / Services

Hybrid Analysis YARA Search
InQuest Labs
Koodous
MalShare
MalwareConfig
YaraEditor (Web)
YARAify
Yara Scan Service

Awesome YARA / Syntax Highlighters

language-yara 24 about 3 years ago Atom:
yara-mode 7 about 2 years ago Emacs:
GtkSourceView-YARA 3 over 4 years ago GTK-based editors, like gedit and xed:
userDefinedLanguages 583 5 days ago Notepad++:
YaraSyntax 19 almost 2 years ago Sublime Text:
vim-yara 14 over 3 years ago Vim: ,
vscode-yara 60 9 months ago Visual Studio Code:

Awesome YARA / Videos and Talks

Finding Evil with YARA
SAS2018: Finding aliens, star weapons and ponies with YARA
Costin Raiu - Combining code similarity with Yara to find goodies
YARA Rule Processing Sessions - Florian Roth
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Star-Gazing | Using a Full Galaxy of YARA Methods to Pursue an Apex Actor | By Greg Lesnewich
Lightweight Binary Similarity - YARA Using PE Features for Quick Wins 4 about 3 years ago
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules
Crawler 6,418 4 months ago
CVE PoC 3,304 almost 3 years ago
Forensics 3,927 about 19 hours ago
Hacking 12,967 4 months ago
HackwithGithub 83,778 about 2 months ago
Honeypots 8,520 about 2 months ago
Incident-Response 7,584 3 months ago
Infosec 5,165 8 months ago
IOCs 794 5 days ago
Malware Analysis 11,701 4 months ago
ML for Cyber Security 7,202 about 2 months ago
OSINT 18,626 23 days ago
PCAP Tools 3,116 5 months ago
Pentesting 21,566 about 23 hours ago
Reversing 4,052 about 1 year ago
Security 12,322 3 months ago
Static Analysis 13,266 4 days ago
Threat Detection 3,644 3 months ago
Threat Intelligence 7,958 about 2 months ago

Backlinks from these awesome lists: