How to Hunt for Threats Using YARA Rules
Finding similar or relevant samples using YARA is part of every hunter's day, and is similar to finding a needle in a haystack.
ReversingLabs has developed, tested and published over 100 Open-Source YARA rules on GitHub.
The rules cover a broad range of categories, detecting a multitude of malware downloaders, viruses, trojans, exploits and ransomware.
YARA detection rules are developed for threat hunters, threat researchers, incident responders and security analysts with the mission to reduce malware infection risk across the organization.
Each unique rule can inspect file content on endpoints, during transfer, execution or at rest. While there’s no limit to usage, the best results are seen with fully inspected multi-layered content.
Apply these YARA rules within static analysis solutions that perform decomposition, dynamic sandbox solutions that perform in memory YARA matching, network IPS controls or even SIEMs.
On June 30th 2020 ReversingLabs published over 100 open-source YARA rules within the ReversingLabs GitHub repository.
ReversingLabs plans to use the GitHub repository as the primary delivery method for threat defenders to access updated and quality open-source YARA rules that detect the latest threats.
Product Insights
Finding similar or relevant samples using YARA is part of every hunter's day, and is similar to finding a needle in a haystack.
We'll show you easy ways to search for file-based threats, exposing our human readable indicators and explainable threat intelligence, and demonstrating how to take action by hunting for variants of the Kwampirs RAT using YARA.