CAPESandbox / community

Community modules for CAPE Sandbox

A question about data/yara/CAPE/ #235

Closed VVelox closed 2 years ago

VVelox commented 2 years ago

I am curious how open y'all are to me starting to raid other YARA repos for stuff we don't currently have. I've begun looking deeper into that dir and comparing it against https://github.com/Yara-Rules/rules/tree/master/malware .

One hit upon that was easily testable was Pony with 469a2bd68eec3b9262aae35bbdc51dba from https://samples.vx-underground.org/samples/Families/Pony/ .

That said, it had plenty of other hits, but this was just one that I happened to look at that we did not already have direct coverage for in there.

doomedraven commented 2 years ago

That's a bit of a hard question. There are amazing rules and crap rules (in the repo, not that folder; I didn't review that folder). Just adding all or a big part of the rules will delay processing a lot, since every file is scanned with all rules, and it generates a lot of data to store, so bear that in mind; in the past that was giving MongoDB problems due to MongoDB's 16 MB document max size. Most of the rules are old and the families are dead. We have dead families here because people are lazy to do cleanup :D

The best, in my opinion, is for everyone to add this kind of stuff to their own setups themselves, so they need to fix the FPs, slowdown, etc. For example, in my private fork I don't use CAPE's extractors, most of the community YARA, and other stuff that I don't need on my setup.

For the Pony rule, there is Kevin's rule; his rules are in the main repo: https://github.com/kevoreilly/CAPEv2/blob/1e66d2460276b28b45bea8123cc74daa83295f68/data/yara/CAPE/Fareit.yar

I hope that answers your question. Feel free to reach out for any other question.
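The comparison VVelox describes (checking a candidate rule repo against the existing data/yara/CAPE directory) and doomedraven's point that merging a big rule set has a cost are easier to reason about with a concrete pre-merge check. The script below is an added example, not code from the CAPE project or from either commenter: it parses rule headers out of `.yar` text with a regex, reports rule-name collisions (YARA refuses to compile two rules with the same identifier into one ruleset), and flags candidate rules whose family the existing directory already covers. The alias table is an assumption; the only entry it carries, Pony being covered by the Fareit rule, is what the thread itself states. The two rule files are constructed samples with placeholder strings, not real signatures.

```python
import re

# A YARA rule header: optional private/global modifiers, the rule name, optional
# ": tag1 tag2" list, then the opening brace (which may sit on the next line).
RULE_HEADER = re.compile(
    r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_][A-Za-z0-9_]*)\s*(?::\s*([^{]*))?\{",
    re.MULTILINE,
)

# Assumed alias table (constructed): lower-case candidate family -> lower-case
# family name used by the existing rules. Pony -> Fareit is the case from the thread.
ALIASES = {"pony": "fareit"}

# Suffixes that community repos often append to a family name in the rule name.
SUFFIXES = ("_payload", "_loader", "_dropper", "_rule")

# Constructed sample of an "existing" CAPE-style rule file (placeholder strings).
EXISTING_RULES = """
rule Fareit
{
    meta:
        cape_type = "Fareit Payload"
    strings:
        $a = "placeholder-existing-1"
    condition:
        $a
}

rule Emotet : trojan
{
    strings:
        $a = "placeholder-existing-2"
    condition:
        $a
}
"""

# Constructed sample of a "candidate" community rule file (placeholder strings).
CANDIDATE_RULES = """
rule Pony : trojan stealer
{
    strings:
        $a = "placeholder-candidate-1"
    condition:
        $a
}

private rule pony_loader {
    strings:
        $a = "placeholder-candidate-2"
    condition:
        $a
}

rule Emotet
{
    strings:
        $a = "placeholder-candidate-3"
    condition:
        $a
}

rule Zeus
{
    strings:
        $a = "placeholder-candidate-4"
    condition:
        $a
}
"""


def parse_rules(text):
    """Return {rule_name: set_of_tags} for every rule header found in a .yar text."""
    rules = {}
    for match in RULE_HEADER.finditer(text):
        name, tags = match.group(1), match.group(2)
        rules[name] = set(tags.split()) if tags else set()
    return rules


def family_key(rule_name, aliases):
    """Normalise a rule name to a lower-case family key, applying suffix stripping and aliases."""
    key = rule_name.lower()
    for suffix in SUFFIXES:
        if key.endswith(suffix):
            key = key[: -len(suffix)]
            break
    return aliases.get(key, key)


def compare_rulesets(existing_text, candidate_text, aliases=ALIASES):
    """Report name collisions, already-covered families and genuinely new families."""
    existing = parse_rules(existing_text)
    candidate = parse_rules(candidate_text)
    existing_by_family = {family_key(n, aliases): n for n in existing}

    collisions = sorted(set(existing) & set(candidate))  # would break compilation
    covered, new = {}, []
    for name in candidate:
        hit = existing_by_family.get(family_key(name, aliases))
        if hit:
            covered[name] = hit  # candidate rule -> existing rule covering that family
        else:
            new.append(name)
    return {"name_collisions": collisions, "already_covered": covered, "new_families": sorted(new)}


if __name__ == "__main__":
    report = compare_rulesets(EXISTING_RULES, CANDIDATE_RULES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed samples the report shows that `Pony` and `pony_loader` map onto the existing `Fareit` rule, that `Emotet` is both covered and a hard name collision, and that only `Zeus` would add a family not yet in the directory. Running a check like this on a real candidate repo before copying rules in is the cheap way to avoid both the duplicate-identifier compile error and the "scan everything with rules for dead families" slowdown described above.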