• Stars 560
  • Rank 79,541 (Top 2 %)
  • Language YARA
  • License
    Apache License 2.0
  • Created about 6 years ago
  • Updated 11 months ago


Repository Details

Repository of YARA rules made by Trellix ATR Team

Yara-Rules

Repository of YARA rules to accompany the Trellix ATR blogposts & investigations

We welcome contributions that improve our rules: please send us a pull request with your proposal.

If you discover a false positive with one of our rules, please share the details in an issue report and we'll work on improving the YARA rule.

Happy Hunting!

More Repositories

1. DotDumper (C#, 246 stars): An automatic unpacker and logger for DotNet Framework targeting files
2. CVE-2020-16898 (Lua, 207 stars): CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
3. Creosote (Python, 83 stars): Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.
4. IOCs (HTML, 78 stars): Repository containing IOCs, CSV and MISP JSON from our blogs
5. GhidraScripts (Java, 73 stars): Scripts to run within Ghidra, maintained by the Trellix ARC team
6. DarkSide-Config-Extract (31 stars)
7. NetLlix (C#, 30 stars): A project created with an aim to emulate and test exfiltration of data over different network protocols.
8. CVE-2020-16899 (Lua, 20 stars): CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
9. xbypass (Python, 18 stars): A tool to facilitate ROP Chain Development for XML Character Sanitization
10. Expert-Rules (17 stars)
11. Ripple-20-Detection-Logic (Lua, 11 stars): Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
12. Threat-Reports (11 stars): Repository to store the Threat Reports made by the McAfee Enterprise ATR Team
13. ATR_HAX_CTF_2021 (Python, 8 stars): McAfee Enterprise Advanced Threat Research Capture the Flag
14. DotDumperGUI (C#, 6 stars): A graphical user interface to easily read through, and filter, DotDumper JSON-based logs
15. ATR_HAX_CTF_2022 (Java, 5 stars): Trellix Advanced Threat Research CTF competition of 2022
16. Russian_CyberThreats_Yara (2 stars): Repository with aggregated public-source YARA rules
17. DotDumperNative (C++, 2 stars): The native (unmanaged) library containing the hooks for native functions that DotDumper hooks
18. Golang-Runtime-Binaries (1 star): A repository with a variety of compiled Golang binaries, each of which contains the entire Golang runtime for the given architecture and the specific Golang version
19. BSim (1 star): BSim signatures and databases for Ghidra to recover function symbols with
20. FIDBs (1 star): FunctionID databases for Ghidra to recover function symbols from stripped binaries