-
Describe the bug
----------------
`uint32be` is a Yara keyword that has been around since 2014 (Yara v3.2.0) and is used in some yara-rules to find malicious contents; however, these rules cannot be …
-
## Background
Malware is often packed or encrypted using custom algorithms on specific sections within a dropper binary. It would be nice to arbitrarily specify extracting/unpacking/decrypting/deco…
-
#@doomedraven (but mostly other people :D )
Upgrading test and prod sandbox, getting what I think we haven't seen before. (yara 2.6, newest kernel + libs + pylibs and source)
we've basically been…
-
hi,
I have ES 'searchonly' + mongo for reporting.
I've also added a bit of code to the reporting module at the bottom to add signatures into the search
(btw the code that's there probs needs some …
-
I try to apply this in relation with my project Avred (related to Antivirus signatures), and it got me thinking.
If an AV has a signature of a tool, it will be Level 2. But is it A, U, or K?
T…
dobin updated
11 months ago
-
```
Hi,
There seems to be a change in the peid resources.
The only available userdb.txt is found here:
http://research.pandasecurity.com/blogs/images/userdb.txt
Extract from the file shows:
; Made…
```
-
Hi,
Private rules in yara allow having C-like functions. It works with yara, but clamav does not support it.
Example: these are test rules:
test.yara:
```yara
private rule Rule1
{
…
```
-
Hi,
I wanted to write a converter that will take rules that use a superset addition of YARA (such as [VT hunting syntax](https://support.virustotal.com/hc/en-us/articles/360001316037-Livehunt-rules…