Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 17 additions and 16 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,25 @@ | ||
# :warning: WIP :warning: | ||
This is a work in progress and can not be used in production yet! | ||
# Raspirus YARA Collection | ||
|
||
Welcome to the Raspirus Project's collection of YARA rules. This repository hosts a curated set of YARA rules designed to enhance malware detection and analysis capabilities. | ||
|
||
# yara-rules | ||
A collection of YARA rules for the Raspirus Project | ||
## Structure | ||
|
||
## Structure: | ||
- **rules/**: Contains all the YARA rules, organized by vendor. Each vendor has its own folder, and the rules within these folders include a name and a short description. | ||
- **scripts/**: A collection of Python scripts for manipulating the rules. One key script creates a binary release of the rules, which is uploaded as a release and used as the Raspirus database. | ||
|
||
### Malicious Documents | ||
In this section you will find Yara Rules to be used with documents to find if they have been crafted to leverage malicious code. | ||
Malware | ||
## Adding Your Own Rules | ||
|
||
### Malware | ||
In this section you will find Yara rules specialised toward the identification of well-known malware. | ||
Packers | ||
Contributions are highly encouraged! To add your own rules: | ||
|
||
### Packers | ||
In this section you will find Yara Rules aimed to detect well-known software packers, that can be used by malware to hide itself. | ||
1. **Fork the repository** and create a new branch. | ||
2. **Add your rule** to the appropriate vendor folder in the `rules` directory. If necessary, create a new folder for your vendor. | ||
3. **Submit a Pull Request (PR)** with a brief description of the rule you're adding. | ||
4. You can also improve or modify existing rules by following the same process. | ||
|
||
## Collected from: | ||
- https://github.com/Yara-Rules/rules | ||
- https://github.com/advanced-threat-research/Yara-Rules | ||
If you encounter any issues with a rule, please open an issue, specifying the file or rule name. We will investigate and address the issue as soon as possible. | ||
|
||
## Sources | ||
- [YARA HQ](https://yarahq.github.io) | ||
- [Yara-Rules GitHub Repository](https://github.com/Yara-Rules/rules) | ||
|
||
We appreciate your contributions and support in making the Raspirus YARA collection a valuable resource for the community! |
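Review bot: The "## Sources" list at the end of this hunk no longer names https://github.com/advanced-threat-research/Yara-Rules, which the "## Collected from:" list carries. If any rules from that repository remain under rules/, keep the entry so that the origin of every vendor folder stays traceable. Separately, the numbered steps under "## Adding Your Own Rules" do not say what a rule has to satisfy before the PR is opened. Because the scripts/ bullet states that a script builds the binary release used as the Raspirus database, consider adding a step that requires the rule to compile and to carry the name and short description that the rules/ bullet says every rule includes, together with its source. The scripts/ bullet also refers to "One key script" without naming it, and giving the file name would let contributors run the same build locally. Minor: "can not" in the WIP notice reads better as "cannot".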