viper-framework / viper

Binary analysis and management framework

Integrate other yara rules sources #278

Open elhoim opened 9 years ago

elhoim commented 9 years ago

I have been using GitHub search engine to find some projects that have malware related yara rules, here is the list:
https://github.com/nyx0/yar4m
https://github.com/kevthehermit/YaraRules
https://github.com/Yara-Rules/rules
https://github.com/phbiohazard/Yara
https://github.com/arbor/yara
https://github.com/3vangel1st/Yara
https://github.com/paralax/HorribleCanoe (Only some of them)
https://github.com/citizenlab/malware-signatures/tree/master/yara-rules/malware-families
https://github.com/0pc0deFR/YaraRules
https://github.com/0day1day/yarasigs
https://github.com/jipegit/yara-rules-public
https://github.com/securitykitten/public_yara_rules/tree/master/sandbox_checking
https://github.com/sysforensics/YaraRules
https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
https://github.com/Jawn123/YaraRules
https://github.com/malwared/yara-rules

Same issues as in #262 apply (need to add tags metadata and test for FPs).

kevthehermit commented 9 years ago

I have a script that will read, parse and write yara rules. Can integrate that to add the meta tags and check for duplicates.

On Wed, 15 Apr 2015 13:48 David André notifications@github.com wrote:

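The read/parse/write script mentioned above is not on the page; what follows is an added illustration (not kevthehermit's or Viper's code) of the two steps the comment describes: tagging each imported rule with a `source` meta entry and flagging duplicate rule names when rules from several repositories are merged. The rule files and repository names are constructed; false-positive testing of the rules themselves is not covered.

```python
import re
# Rule header; the body is found by brace matching so multi-line rules survive intact.
RULE_HEADER = re.compile(r'^[ \t]*(?:private\s+|global\s+)*rule\s+(\w+)', re.M)

# Constructed sample files standing in for two of the repositories listed in the issue.
SAMPLE_A = '''rule Sandbox_Check {
    meta: author = "constructed"
    strings: $a = "VBoxService"
    condition: $a
}
rule AntiDebug_IsDebuggerPresent {
    strings: $a = "IsDebuggerPresent"
    condition: $a
}
'''
SAMPLE_B = '''rule Sandbox_Check {
    strings: $a = "vmtoolsd"
    condition: $a
}
'''

def split_rules(text):
    """Yield (name, rule_text) per top-level rule. Assumes braces inside strings are balanced."""
    for m in RULE_HEADER.finditer(text):
        i, depth = text.index('{', m.end()), 0
        while i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            if depth == 0:
                break
            i += 1
        yield m.group(1), text[m.start():i + 1]

def add_source_meta(rule_text, source):
    """Tag a rule with source = "..." in meta:, creating the section before strings: if absent."""
    if re.search(r'^[ \t]*meta\s*:', rule_text, re.M):
        return re.sub(r'(^[ \t]*meta\s*:)', r'\1 source = "%s"' % source, rule_text, count=1, flags=re.M)
    return re.sub(r'\{', '{\n    meta: source = "%s"' % source, rule_text, count=1)

def merge_sources(sources):
    """Merge {source: yara_text}; keep the first copy of a duplicate name and report the rest."""
    seen, kept, duplicates = {}, [], []
    for source, text in sources.items():
        for name, body in split_rules(text):
            if name in seen:
                duplicates.append((name, seen[name], source))
                continue
            seen[name] = source
            kept.append(add_source_meta(body, source))
    return '\n\n'.join(kept), duplicates
```

The duplicate list is meant for a human to resolve: two rules sharing a name are not necessarily the same rule, so the later copy is reported rather than silently dropped for good.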

GelosSnake commented 9 years ago

Do you really think this is a good idea? Each rule will have to be tested against false positives etc...

botherder commented 6 years ago

I think this would be good to have. Perhaps integrate that in the Yara module.