Validin launches Webhooks Beta for Enterprise, enabling real-time notifications on YARA rule matches and threat profile updates. Supports Slack endpoints, HMAC SHA256 signatures, customizable fields, and delivery tests. #ThreatIntel #YARARules
ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leveraging RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0
#yararules #detectionengineering #malwareanalysis
Paranoya: A simple IOC and Yara scanner for Linux
Check ✅️ it out:
github.com/c0m4r/paranoya
#cybersecurity #yararules #linux
🔍 While macOS #malware is less widespread than Windows malware, the ability to identify, detect, & classify old & new threats alike is increasingly important. That's where #YARArules come into play: https://bit.ly/4nJKq9I
#WeaselStore is an #infostealer used by the #APT group #DeceptiveDevelopment, which targets developers on multiple systems in web & cryptocurrency. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW
EggStremeFuel is a #backdoor that is part of a file-less #malware framework used by a Chinese #APT group, which recently attacked a military company in the Philippines. Don't become a victim, deploy our public #YARArules: https://bit.ly/3x34FdW
RL's research team analyzed 4 #STDGroup-operated RATs, which yielded file indicators to better detect the #malware, plus 2 #YARArules: https://bit.ly/4npaWov
Warlock is a #ransomware based on the leaked #LockBit code, & is used by the Chinese #APT group #Storm2603 in the recent #ToolShell campaign. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW
#PondRAT is a #backdoor used by the North Korean #APT group #Appleworm, & is delivered by malicious #PyPI packages in order to gain remote access to infected machines. Don't become a victim, deploy our public #YARArules: https://bit.ly/3x34FdW
#PathWiper is a #trojan used by a Russian #APT group against Ukraine. It destroys data on physical, logical, & network drives by overwriting them with random values. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW #Malware #ThreatHunting
#Pumakit is an advanced #rootkit that hides its C2 communication & system manipulation by hooking syscalls & kernel functions. Don't become a victim, deploy our public #YARArules: https://bit.ly/3x34FdW #Malware #ThreatHunting
Just released version 1.0.1 of The Yaralyzer. Fixes a small bug when trying to choose a byte offset to force a UTF-16 or UTF-32 decoding of matched bytes.
Someone set up Yaralyzer as a #Kali package; not sure if that's made it into a release yet, but if not the links are below […]
Screen cap of RecordedFuture whitepaper cover: Auto YARA: Automated Yara Rule Generation for High-confidence Threat Detection #bioinspiration
RecordedFuture's AI-driven #yararules system dynamically adjusts extraction sensitivity, enhancing precision & coverage in #malware detection. Inspired by #bioinformatics, it reduces complexity by filtering false positives based on pattern length not corpus size go.recordedfuture.com/whitepaper/a...
#BackConnect is a #backdoor used by the threat actors behind #BlackBasta & #Cactus #ransomware to establish persistence on compromised systems. Don't become a victim, deploy our public #YARArules: github.com/reversinglab...
#AutoColor is a #backdoor that uses advanced stealth techniques, such as hiding network activity, hooking libc functions, & preventing removal. Protect yourself by deploying our public #YARArules: github.com/reversinglab...
#Cybersecurity #ThreatHunting #Malware
#Sshdinjector is a #backdoor which injects itself into the SSH daemon, & is used by the #Daggerfly #APT group for espionage purposes. Don't become a victim, deploy our public #YARArules: github.com/reversinglab...
#Malware #Cybersecurity
yara2stix - A command line tool that converts the YARA Rules into STIX 2.1 Objects
Check it out:
github.com/muchdogesec/...
#yararules #detectionengineering #stix #threatintelligence #threatdetection
#wmRAT is another #backdoor attributed to the #APT group #TA397, & is used in attacks on organizations in the defense sector across the APAC & EMEA regions. Protect yourself by deploying our public #YARArules: bit.ly/3x34FdW
#Malware #Cybersecurity #SecOps
#WolfsBane is a #backdoor used by the Chinese #APT group #Gelsemium to spy on organizations in Singapore, Taiwan, & the Philippines. Don't become a victim, deploy our public #YARArules: github.com/reversinglab...
#Malware #Cybersecurity #SecOps
#Elpaco is a variant of a known #Mimic #ransomware that abuses the free file discovery library named Everything, & targets numerous countries worldwide. Protect yourself by deploying our public #YARArules: github.com/reversinglab...
#Cybersecurity #Malware
#MiyaRAT is a #backdoor attributed to the #APT group #TA397, which conducted multiple attacks on organizations in the defense sector across APAC & EMEA regions. Don't become a victim, deploy our public #YARArules: github.com/reversinglab...
#Cybersecurity #Malware
Quality meme by the man himself, @greg-l.bsky.social!
We are a few days away from 2025! Get your YARA rules ready 👀 #100DaysOfYARA #YARARules
YaraGuard - a static malware analysis tool that uses YARA rules as its core
Check it out 🔥🔥:
github.com/RootMiner/Ya...
#yararules #threathunting #malwareanalysis
#cybersecurity #infosec
Community Generated Yara Rules for detection of malware families
github.com/harryeetsour...
#cybersecurity #infosec #yararules #malwaredetection #threathunting #malware #infosec