YARA rules for cobaltstrike and ccleaner

airbnb / binaryalert

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

https://binaryalert.io

Apache License 2.0

1.4k stars 187 forks source link

YARA rules for cobaltstrike and ccleaner #89

Closed austinbyers closed 6 years ago

austinbyers commented 6 years ago

to: @javuto and @mime-frame cc: @airbnb/binaryalert-maintainers size: medium

Changes

Adds YARA rules which detect different CobaltStrike components
Adds a YARA rule for the backdoored CCleaner

Testing

CI: Tests that rules compile as expected

coveralls commented 6 years ago

Coverage remained the same at 95.851% when pulling acfea404956191dfd417fa83b493b5ced85584c2 on austin-cobalt-yara-rules into cebb706fa1736888accf1467528b9f860c683530 on master.

coveralls commented 6 years ago

Coverage remained the same at 95.856% when pulling 2d4723368a303a1a7d9bfbb66af057c5455437b0 on austin-cobalt-yara-rules into 0fcb60ecd75c408f7e6b0c1a2525af75522514d7 on master.