chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

Integrate mthcht/ThreatHunting-Keywords-yara-rules #61

Closed tstromberg closed 2 months ago

tstromberg commented 4 months ago

As mentioned in #60

It should be easy to directly integrate: just extract a copy of it into the third_party directory. The rules seem very focused on Windows, so it will help build up our support there.

We'll want to make sure that we're meeting the license requirements (DRL) correctly:

Attribution — You must give appropriate credit to the original author(s) of the Rules, provide a link to the project, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

Right now the scanning results will pull out the author, but won't show a link. I'm not yet clear if the license requires credit in our README or whenever we show a match.

Help wanted if anyone wants to take this on!

mthcht commented 3 months ago

@tstromberg Hello, I updated the license (https://github.com/mthcht/ThreatHunting-Keywords-yara-rules/blob/86b8e6e55dd204bcc25332e9eb6cdc44d960f622/LICENSE#L14): including a link to the original project is encouraged whenever possible, but is not a strict requirement anymore.

tstromberg commented 3 months ago

Thanks for the update.

My plan right now is to have a link in the data formats that make sense (Markdown, JSON, YAML). For terminal output, I'll continue to show the rule's "Author" field.