
Advancing YARA through Community - REVERSING 2020 Showed Us How

First Global Event Highlights the Art of Threat Hunting

Chip Epps, Former Director of Product & Solution Marketing at ReversingLabs

Advancing YARA through Community
REVERSING 2020, the first global event where threat hunters go deep on YARA, was held virtually last week with a ‘live’ audience of 985 from approximately 2000 registrants! The event covered everything YARA with a jam-packed agenda including 10 thought leaders, industry experts and practitioners, ranging from large cybersecurity companies to global financial services firms to smaller nonprofits. This level of participation from the security community is indicative of the ongoing interest in YARA and the demand for advanced malware analysis and threat hunting skills.

The participant survey feedback highlighted a 95% approval rating for the event, echoed by the original creator of YARA, Victor Alvarez of VirusTotal/Chronicle.


The event concluded with a closing presentation by ReversingLabs Chief Software Architect and Co-Founder Tomislav Pericin, who also announced the ReversingLabs release of 100+ open-source YARA rules to the community. These YARA rules are written by our experienced threat researchers and have undergone rigorous testing. They are of a quality that delivers essentially zero false positives and are optimized for the breadth of data available through ReversingLabs automated static analysis, but you are not required to have our products to use these rules.

Why is this important and relevant? ReversingLabs is sharing YARA rules among the open source community to help defenders improve the efficacy of their threat detections and elevate the practice of threat hunting. By releasing high quality YARA rules, we accomplish four objectives:

1. We upskill threat defenders by showcasing our high-quality malware detection rules, consisting of patterns that identify malicious code blocks

2. We close detection gaps (MTTD) for the most problematic malware types, and subsequently reduce business continuity risks

3. We shorten time to respond (MTTR) to malware incidents by providing expanded context and actionable intelligence about malware families, which other solutions either don’t provide or can only offer as a second opinion

4. We provide a solution path forward, offering improved detections by leveraging these rules against the most extensive set of rich metadata provided by ReversingLabs Titanium Platform and its core technologies which include automated static analysis, IOC extraction and explainable machine learning.

Tomislav Pericin, ReversingLabs


And with a commitment to publish new open-source YARA rules weekly, ReversingLabs posted 4 new rules to the GitHub repository this week:

  • Infostealer.ProjectHookPOS
  • Ransomware.Pacman
  • Ransomware.PXJ
  • Ransomware.Ragnarok

As a final REVERSING 2020 perk, those who attended received a digital badge for their participation.

REVERSING 2020 Digital Badge

Until REVERSING 2021!
