├── .gitignore ├── LICENSE ├── Mikesxrs ├── APT_CN_FISHMASTER_STRING_PDB_MALWARE.yar ├── APT_CN_LINUX_RSHELL_MALWARE.yar ├── APT_CN_STATELYTAURUS_UNIQUE_STRINGS.yar ├── APT_CN_TA410_REVOKED_CERTIFICATE.yar ├── APT_IR_NOJUSTICE_MALWARE_WIPER.yar ├── APT_NK_KIMSUKY_APPLESEED_IMPHASH_MALWARE.yar ├── APT_NK_LAZARUS_DLRAT_IMPORT_HASH_MALWARE.yar ├── APT_NK_UNIQUE_ICON_RESOURCE_MALWARE.yar ├── APT_RU_TOOLMARK_MACOS_MALWARE.yar ├── CRIME_ASYNCRAT_DOTNET_METADATA_MALWARE.yar ├── CRIME_MALWARE_SPARKRAT_GOLANG.yar ├── CRIME_ORVX_WEBSHELL_V3_MALWARE.yar ├── CRIME_SERPENT_INFOSTEALER_DOTNET_METADATA_MALWARE.yar ├── CRIME_VALLEYFALL_PDB_PATH_IMPHASH_MALWARE.yar ├── INFO_ANDROID_APK_FILE.yar ├── INFO_ANDROID_DEX_FILE.yar ├── INFO_API_OVERRIDE_TOOL_SECTION_NAME.yar ├── INFO_ASPACK_PACKER.yar ├── INFO_BOOMERANG_PACKER.yar ├── INFO_CCG_PACKER.yar ├── INFO_CRUNCH_PACKER.yar ├── INFO_CVE_MENTION.yar ├── INFO_DAStub_Dragon_Armor_protector.yar ├── INFO_ELF_FILE.yar ├── INFO_ENIGMA_PROTECTOR.yar ├── INFO_EPACK_PACKER.yar ├── INFO_EPL_BUILD.yar ├── INFO_FIRSERIA_PUP_DOWNLOADER_SECTION_NAME.yar ├── INFO_GENTEE_INSTALLER.yar ├── INFO_HTTP_HTTPS_XOR.yar ├── INFO_HWP_FILE.yar ├── INFO_ImpRec_Section_name.yar ├── INFO_KCP_MZ_FILE.yar ├── INFO_KKRUNCHY_PACKER.yar ├── INFO_LNK_FILE.yar ├── INFO_LNK_FILE_CMD_LINE.yar ├── INFO_LNK_FILE_POWERSHELL.yar ├── INFO_LOLBIN_RUNDLL_USAGE.yar ├── INFO_MASKPE_PACKER.yar ├── INFO_MEW_PACKER.yar ├── INFO_MPRESS_PACKER.yar ├── INFO_MZ_FILE.yar ├── INFO_MZ_FILE_COMPUTERNAME_FUNCTION.yar ├── INFO_MZ_FILE_DISPLAY_FUNCTION.yar ├── INFO_MZ_FILE_HARDWARE_FUNCTION.yar ├── INFO_MZ_FILE_USERNAME_FUNCTION.yar ├── INFO_NEOLITE_PACKER.yar ├── INFO_NESTED_ZIP.yar ├── INFO_NIGHTHAWK_C2_FRAMEWORK_SECTION_NAME.yar ├── INFO_NSPACK_PACKER.yar ├── INFO_PDF_FILE.yar ├── INFO_PDF_FILE_GOOGLE_DOC.yar ├── INFO_PEBUNDLE_PACKER.yar ├── INFO_PECOMPACT_PACKER.yar ├── INFO_PELOCK_PROTECTOR.yar ├── INFO_PERPLEX_PROTECTOR.yar ├── INFO_PESHIELD_PACKER.yar ├── INFO_PESPIN_SECTION_NAME.yar ├── INFO_PETITE_PACKER.yar ├── INFO_PHP_BASE64_EVAL.yar ├── INFO_PIN_TOOL_ARTIFACT.yar ├── INFO_PROCRYPT_PACKER.yar ├── INFO_RAMNIT_VIRUS_MARKER_SECTION_NAME.yar ├── INFO_RLPACK_PACKER.yar ├── INFO_RPCRYPT_PACKER.yar ├── INFO_RTF_FILE.yar ├── INFO_SEAUSFX_PACKER.yar ├── INFO_SHRINKER_SECTION_NAME.yar ├── INFO_SIMPLE_PACK_SECTION_NAME.yar ├── INFO_STARFORCE_PROTECTION_PACKER.yar ├── INFO_SVKP_PACKER.yar ├── INFO_THEMIDA_PACKER.yar ├── INFO_TSULOADER_SECTION_NAME.yar ├── INFO_UNKNOWN_PACKER.yar ├── INFO_UPACK_PACKER.yar ├── INFO_UPX_PACKER.yar ├── INFO_VMPROTECT_PACKER.yar ├── INFO_VPROTECT_PACKER.yar ├── INFO_WINZIP_SELF_EXTRACTOR_SECTION_NAME.yar ├── INFO_WWPACK_PACKER.yar ├── INFO_WinLicense_Protector.yar ├── INFO_XOR_DOS_HEADER.yar ├── INFO_Y0DA_PROTECTOR.yar ├── INFO_YARA_RULE_FILE.yar ├── private rule doc_author.yar └── private rule last_modifed_by.yar ├── README.md ├── SI_FalconTeam ├── SI_APT_Kimsuky_Certificate_D2Innovation_bc3a_Jan24.yar ├── SI_APT_unattrib_netdoor_Jan24.yar ├── SI_CRYPT_ScrubCrypt_BAT_Jan24.yar ├── SI_CRYPT_hXOR_Jan24.yar └── SI_MAL_QBitStealer_Jan24.yar ├── albertzsigovits ├── fake_win_proc.yar └── mal_debug_str.yar ├── captainGeech ├── day001_nim.yara ├── day002_golang.yara ├── day003_swift.yara ├── day004_rust.yara ├── day005_triangledb_strdec.yara ├── day006_triangledb_modkeychain_strdec.yara ├── day007_pe_imports.yara ├── day008_triangledb_more_strdec.yara ├── day009_dockerfile.yara ├── day010_notes.md ├── day010_quine.yara ├── day011_yara.yara ├── day012_pwntools.yara ├── day013_qemu_plugin.yara ├── day014_synapse_nodes.yara ├── day015_lnk_powershell.yara ├── day016_exploit_hunting.yara ├── day017_exploitlogs_v1.yara ├── day018_exploitlogs_v2.yara ├── day019_susp_forums.yara ├── day020_resource_hunting.yara ├── day021_sensitive_docs.yara ├── day022_ttp_virtualloc_rwx_1.yara └── day023_ttp_virtualloc_rwx_2.yara ├── cc33kk ├── coldren └── signature_files.yar ├── fr0gger ├── DAY10_DontDoThat.yar ├── Day1 - Mindmap.png ├── Day2_vt_domain_hunting.yar ├── Day3_TriangleDB.yar ├── Day4_Xor_Hunting.yar ├── Day5_LNK_RemcosRat.yar ├── Day6_Magic.md ├── Day7_Richash.yar ├── Day_17_Rubeus_Typo ├── README.md └── day14_MedusaLoaders.yar ├── glesnewich ├── APT_IR_ShroudedSnooper.yar ├── APT_NK_TA444_SpectralBlur.yar ├── APT_RU_TA422_EchoLaunch.yar ├── APT_RU_Turla_TinyTurlaNG.yar ├── INFO_7z_File.yar ├── INFO_ELF_Contains_iptable.yar ├── INFO_Executable_HTML_Equities.yar ├── INFO_Executable_HTML_Listener_Equities.yar ├── INFO_LNK_CommandLine_Atoms.yar ├── INFO_LNK_SelfParsing.yar ├── INFO_Macho_LOOBins.yar ├── INFO_Macho_Long_RPATH.yar ├── INFO_Macho_Scripting_Execution.yar ├── MAL_Zardoor.yar ├── SUSP_Base64_String_in_base64.yar ├── SUSP_DLL_All_LowerCase_Exports.yar ├── SUSP_DLL_Duplicated_First_ExportNames.yar ├── SUSP_LNK_Contains_PE.yar ├── SUSP_LNK_Embedded_ISO.yar ├── SUSP_LNK_FileSize_Header_Anomalies.yar ├── SUSP_LoadLibraryA_mutations.yar ├── SUSP_MinimalImports.yar ├── SUSP_Obfuscated_Mozilla.yar ├── SUSP_Obfuscated_Powershell.yar ├── SUSP_PE_HashLike_Features.yar ├── SUSP_PE_RSRC_Strings_Ref_64_and_32.yar ├── SUSP_PE_References_Lua.yar ├── SUSP_PE_Unusual_Imported_Library_Names.yar ├── SUSP_References_Likely_Traffic_Sniffing.yar ├── SUSP_kernel32_mutations.yar ├── SUSP_ntdlldll_mutation.yar └── TTP_RegOpenKeyExA_HKEY_Operations.yar ├── joe └── INFO_LNK_Findstr_NSLookup_CMD_LNK.yar ├── keaton └── generic_pdf.yara ├── larsborn ├── Day_001.yara ├── Day_002.yara ├── Day_003.yara ├── Day_004.yara ├── Day_005.yara ├── Day_006.yara ├── Day_007.yara ├── Day_008.yara ├── Day_009.yara ├── Day_010.yara ├── Day_011.yara ├── Day_012.yara ├── Day_013.yara ├── Day_014.yara ├── Day_015.yara ├── Day_016.yara ├── Day_017.yara ├── Day_018.yara ├── Day_019.yara ├── Day_020.yara ├── Day_021.yara ├── Day_022.yara ├── Day_023.yara ├── Day_024.yara ├── Day_025.yara └── Day_026.yara ├── petermstewart ├── 100DaysofYARA-2024.yar ├── FILE_filetypes.yar ├── HUNT_PDF_contains_TLP.yar ├── HUNT_Ransomware_generic_strings.yar ├── HUNT_Royal_RSA_Public_Key.yar ├── HUNT_Signal_Desktop_File_References.yar ├── HUNT_StripedFly.yar ├── HUNT_hacktool_ascii_art.yar ├── HUNT_nopsled.yar ├── MAL_APT_SugarGhost.yar ├── MAL_Backdoor_SQLMaggie.yar ├── MAL_Backdoor_SystemBC.yar ├── MAL_C2_AsyncRAT.yar ├── MAL_C2_BruteRatel_BRC4.yar ├── MAL_C2_CobaltStrike.yar ├── MAL_C2_DarkComet.yar ├── MAL_C2_Mythic.yar ├── MAL_C2_Netwire.yar ├── MAL_C2_Nighthawk.yar ├── MAL_C2_Nimplant.yar ├── MAL_C2_PingRAT.yar ├── MAL_C2_Remcos.yar ├── MAL_C2_Sliver.yar ├── MAL_FIN13.yar ├── MAL_Loader_BumbleBee.yar ├── MAL_Loader_KrustyLoader.yar ├── MAL_Loader_PrivateLoader.yar ├── MAL_Miner_LemonDuck.yar ├── MAL_Miner_XMRig.yar ├── MAL_Ransomware_Abyss.yar ├── MAL_Ransomware_Akira.yar ├── MAL_Ransomware_BlackCat.yar ├── MAL_Ransomware_BlackSuit.yar ├── MAL_Ransomware_Cactus.yar ├── MAL_Ransomware_Chaos.yar ├── MAL_Ransomware_GAZPROM.yar ├── MAL_Ransomware_H0lyGh0st.yar ├── MAL_Ransomware_HuntersInternational.yar ├── MAL_Ransomware_Kuiper.yar ├── MAL_Ransomware_Lckmac.yar ├── MAL_Ransomware_Lockbit.yar ├── MAL_Ransomware_NoVirus.yar ├── MAL_Ransomware_Royal.yar ├── MAL_Ransomware_Trigona.yar ├── MAL_Ransomware_Turtle.yar ├── MAL_Ransomware_Yanluowang.yar ├── PUP_Cloudflared.yar ├── PUP_NetworkScanners.yar ├── PUP_RemoteManagement.yar ├── TTP_WIP19_bad_cert.yar ├── TTP_anti-forensics.yar ├── TTP_contains_onion_address.yar ├── TTP_cryptocurrency.yar ├── TTP_cryptominer_generic_strings.yar └── TTP_download_commands.yar ├── qutluch ├── Day_001.yar ├── Day_002.yar ├── Day_003.yar ├── Day_004.yar ├── Day_005.yar ├── Day_006.yar ├── Day_007.yar ├── Day_008.yar ├── Day_009.yar ├── Day_010.yar ├── Day_011.yar ├── Day_012.yar ├── Day_013.yar ├── Day_014.yar ├── Day_015.yar ├── Day_016.yar ├── Day_017.yar ├── Day_018.yar ├── Day_019.yar ├── Day_020.yar ├── Day_021.yar ├── Day_022.yar ├── Day_023.yar ├── Day_024.yar ├── Day_025.yar ├── Day_026.yar ├── Day_027.yar ├── Day_028.yar ├── Day_029.yar ├── Day_030.yar ├── Day_031.yar ├── Day_032.yar ├── Day_033.yar └── Day_034.yar └── stvemillertime ├── ct_headers.yar ├── ct_mz_signed.yar ├── ct_pe_info.yar ├── ct_size.yar ├── ct_size_bands.yar ├── ct_size_bands_mz.yar ├── mal_statelytaurus.yar ├── mal_sugarghost_strings.yar ├── rule_to_create_rules.yar ├── ttp_cmdline_ipconfig_flushdns.yar ├── ttp_elf_etc_paths_1.yar ├── ttp_elf_systemd.yar ├── ttp_export_dll_name_uncommon.yar ├── ttp_lib_openssl_no_version_str.yar ├── ttp_lib_pcap_elf_alt.yar ├── ttp_logging_42fnn.yar ├── ttp_pe_size_of_code_gt_filesize.yar ├── ttp_toolmark_extension_lists.yar ├── ttp_toolmark_iec104_str.yar ├── ttp_toolmark_mobile_net_number_str.yar └── ttp_toolmark_physicaldrive.yar /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/LICENSE -------------------------------------------------------------------------------- /Mikesxrs/APT_CN_FISHMASTER_STRING_PDB_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_CN_FISHMASTER_STRING_PDB_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_CN_LINUX_RSHELL_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_CN_LINUX_RSHELL_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_CN_STATELYTAURUS_UNIQUE_STRINGS.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_CN_STATELYTAURUS_UNIQUE_STRINGS.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_CN_TA410_REVOKED_CERTIFICATE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_CN_TA410_REVOKED_CERTIFICATE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_IR_NOJUSTICE_MALWARE_WIPER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_IR_NOJUSTICE_MALWARE_WIPER.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_NK_KIMSUKY_APPLESEED_IMPHASH_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_NK_KIMSUKY_APPLESEED_IMPHASH_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_NK_LAZARUS_DLRAT_IMPORT_HASH_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_NK_LAZARUS_DLRAT_IMPORT_HASH_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_NK_UNIQUE_ICON_RESOURCE_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_NK_UNIQUE_ICON_RESOURCE_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/APT_RU_TOOLMARK_MACOS_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/APT_RU_TOOLMARK_MACOS_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/CRIME_ASYNCRAT_DOTNET_METADATA_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/CRIME_ASYNCRAT_DOTNET_METADATA_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/CRIME_MALWARE_SPARKRAT_GOLANG.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/CRIME_MALWARE_SPARKRAT_GOLANG.yar -------------------------------------------------------------------------------- /Mikesxrs/CRIME_ORVX_WEBSHELL_V3_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/CRIME_ORVX_WEBSHELL_V3_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/CRIME_SERPENT_INFOSTEALER_DOTNET_METADATA_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/CRIME_SERPENT_INFOSTEALER_DOTNET_METADATA_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/CRIME_VALLEYFALL_PDB_PATH_IMPHASH_MALWARE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/CRIME_VALLEYFALL_PDB_PATH_IMPHASH_MALWARE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ANDROID_APK_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ANDROID_APK_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ANDROID_DEX_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ANDROID_DEX_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_API_OVERRIDE_TOOL_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_API_OVERRIDE_TOOL_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ASPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ASPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_BOOMERANG_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_BOOMERANG_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_CCG_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_CCG_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_CRUNCH_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_CRUNCH_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_CVE_MENTION.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_CVE_MENTION.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_DAStub_Dragon_Armor_protector.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_DAStub_Dragon_Armor_protector.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ELF_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ELF_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ENIGMA_PROTECTOR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ENIGMA_PROTECTOR.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_EPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_EPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_EPL_BUILD.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_EPL_BUILD.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_FIRSERIA_PUP_DOWNLOADER_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_FIRSERIA_PUP_DOWNLOADER_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_GENTEE_INSTALLER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_GENTEE_INSTALLER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_HTTP_HTTPS_XOR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_HTTP_HTTPS_XOR.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_HWP_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_HWP_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_ImpRec_Section_name.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_ImpRec_Section_name.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_KCP_MZ_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_KCP_MZ_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_KKRUNCHY_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_KKRUNCHY_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_LNK_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_LNK_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_LNK_FILE_CMD_LINE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_LNK_FILE_CMD_LINE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_LNK_FILE_POWERSHELL.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_LNK_FILE_POWERSHELL.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_LOLBIN_RUNDLL_USAGE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_LOLBIN_RUNDLL_USAGE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MASKPE_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MASKPE_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MEW_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MEW_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MPRESS_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MPRESS_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MZ_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MZ_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MZ_FILE_COMPUTERNAME_FUNCTION.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MZ_FILE_COMPUTERNAME_FUNCTION.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MZ_FILE_DISPLAY_FUNCTION.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MZ_FILE_DISPLAY_FUNCTION.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MZ_FILE_HARDWARE_FUNCTION.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MZ_FILE_HARDWARE_FUNCTION.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_MZ_FILE_USERNAME_FUNCTION.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_MZ_FILE_USERNAME_FUNCTION.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_NEOLITE_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_NEOLITE_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_NESTED_ZIP.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_NESTED_ZIP.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_NIGHTHAWK_C2_FRAMEWORK_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_NIGHTHAWK_C2_FRAMEWORK_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_NSPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_NSPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PDF_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PDF_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PDF_FILE_GOOGLE_DOC.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PDF_FILE_GOOGLE_DOC.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PEBUNDLE_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PEBUNDLE_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PECOMPACT_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PECOMPACT_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PELOCK_PROTECTOR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PELOCK_PROTECTOR.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PERPLEX_PROTECTOR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PERPLEX_PROTECTOR.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PESHIELD_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PESHIELD_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PESPIN_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PESPIN_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PETITE_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PETITE_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PHP_BASE64_EVAL.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PHP_BASE64_EVAL.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PIN_TOOL_ARTIFACT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PIN_TOOL_ARTIFACT.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_PROCRYPT_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_PROCRYPT_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_RAMNIT_VIRUS_MARKER_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_RAMNIT_VIRUS_MARKER_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_RLPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_RLPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_RPCRYPT_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_RPCRYPT_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_RTF_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_RTF_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_SEAUSFX_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_SEAUSFX_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_SHRINKER_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_SHRINKER_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_SIMPLE_PACK_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_SIMPLE_PACK_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_STARFORCE_PROTECTION_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_STARFORCE_PROTECTION_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_SVKP_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_SVKP_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_THEMIDA_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_THEMIDA_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_TSULOADER_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_TSULOADER_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_UNKNOWN_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_UNKNOWN_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_UPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_UPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_UPX_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_UPX_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_VMPROTECT_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_VMPROTECT_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_VPROTECT_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_VPROTECT_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_WINZIP_SELF_EXTRACTOR_SECTION_NAME.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_WINZIP_SELF_EXTRACTOR_SECTION_NAME.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_WWPACK_PACKER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_WWPACK_PACKER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_WinLicense_Protector.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_WinLicense_Protector.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_XOR_DOS_HEADER.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_XOR_DOS_HEADER.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_Y0DA_PROTECTOR.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_Y0DA_PROTECTOR.yar -------------------------------------------------------------------------------- /Mikesxrs/INFO_YARA_RULE_FILE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/INFO_YARA_RULE_FILE.yar -------------------------------------------------------------------------------- /Mikesxrs/private rule doc_author.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/private rule doc_author.yar -------------------------------------------------------------------------------- /Mikesxrs/private rule last_modifed_by.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/Mikesxrs/private rule last_modifed_by.yar -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/README.md -------------------------------------------------------------------------------- /SI_FalconTeam/SI_APT_Kimsuky_Certificate_D2Innovation_bc3a_Jan24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/SI_FalconTeam/SI_APT_Kimsuky_Certificate_D2Innovation_bc3a_Jan24.yar -------------------------------------------------------------------------------- /SI_FalconTeam/SI_APT_unattrib_netdoor_Jan24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/SI_FalconTeam/SI_APT_unattrib_netdoor_Jan24.yar -------------------------------------------------------------------------------- /SI_FalconTeam/SI_CRYPT_ScrubCrypt_BAT_Jan24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/SI_FalconTeam/SI_CRYPT_ScrubCrypt_BAT_Jan24.yar -------------------------------------------------------------------------------- /SI_FalconTeam/SI_CRYPT_hXOR_Jan24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/SI_FalconTeam/SI_CRYPT_hXOR_Jan24.yar -------------------------------------------------------------------------------- /SI_FalconTeam/SI_MAL_QBitStealer_Jan24.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/SI_FalconTeam/SI_MAL_QBitStealer_Jan24.yar -------------------------------------------------------------------------------- /albertzsigovits/fake_win_proc.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/albertzsigovits/fake_win_proc.yar -------------------------------------------------------------------------------- /albertzsigovits/mal_debug_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/albertzsigovits/mal_debug_str.yar -------------------------------------------------------------------------------- /captainGeech/day001_nim.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day001_nim.yara -------------------------------------------------------------------------------- /captainGeech/day002_golang.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day002_golang.yara -------------------------------------------------------------------------------- /captainGeech/day003_swift.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day003_swift.yara -------------------------------------------------------------------------------- /captainGeech/day004_rust.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day004_rust.yara -------------------------------------------------------------------------------- /captainGeech/day005_triangledb_strdec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day005_triangledb_strdec.yara -------------------------------------------------------------------------------- /captainGeech/day006_triangledb_modkeychain_strdec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day006_triangledb_modkeychain_strdec.yara -------------------------------------------------------------------------------- /captainGeech/day007_pe_imports.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day007_pe_imports.yara -------------------------------------------------------------------------------- /captainGeech/day008_triangledb_more_strdec.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day008_triangledb_more_strdec.yara -------------------------------------------------------------------------------- /captainGeech/day009_dockerfile.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day009_dockerfile.yara -------------------------------------------------------------------------------- /captainGeech/day010_notes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day010_notes.md -------------------------------------------------------------------------------- /captainGeech/day010_quine.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day010_quine.yara -------------------------------------------------------------------------------- /captainGeech/day011_yara.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day011_yara.yara -------------------------------------------------------------------------------- /captainGeech/day012_pwntools.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day012_pwntools.yara -------------------------------------------------------------------------------- /captainGeech/day013_qemu_plugin.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day013_qemu_plugin.yara -------------------------------------------------------------------------------- /captainGeech/day014_synapse_nodes.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day014_synapse_nodes.yara -------------------------------------------------------------------------------- /captainGeech/day015_lnk_powershell.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day015_lnk_powershell.yara -------------------------------------------------------------------------------- /captainGeech/day016_exploit_hunting.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day016_exploit_hunting.yara -------------------------------------------------------------------------------- /captainGeech/day017_exploitlogs_v1.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day017_exploitlogs_v1.yara -------------------------------------------------------------------------------- /captainGeech/day018_exploitlogs_v2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day018_exploitlogs_v2.yara -------------------------------------------------------------------------------- /captainGeech/day019_susp_forums.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day019_susp_forums.yara -------------------------------------------------------------------------------- /captainGeech/day020_resource_hunting.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day020_resource_hunting.yara -------------------------------------------------------------------------------- /captainGeech/day021_sensitive_docs.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day021_sensitive_docs.yara -------------------------------------------------------------------------------- /captainGeech/day022_ttp_virtualloc_rwx_1.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day022_ttp_virtualloc_rwx_1.yara -------------------------------------------------------------------------------- /captainGeech/day023_ttp_virtualloc_rwx_2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/captainGeech/day023_ttp_virtualloc_rwx_2.yara -------------------------------------------------------------------------------- /cc33kk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/cc33kk -------------------------------------------------------------------------------- /coldren/signature_files.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/coldren/signature_files.yar -------------------------------------------------------------------------------- /fr0gger/DAY10_DontDoThat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/DAY10_DontDoThat.yar -------------------------------------------------------------------------------- /fr0gger/Day1 - Mindmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day1 - Mindmap.png -------------------------------------------------------------------------------- /fr0gger/Day2_vt_domain_hunting.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day2_vt_domain_hunting.yar -------------------------------------------------------------------------------- /fr0gger/Day3_TriangleDB.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day3_TriangleDB.yar -------------------------------------------------------------------------------- /fr0gger/Day4_Xor_Hunting.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day4_Xor_Hunting.yar -------------------------------------------------------------------------------- /fr0gger/Day5_LNK_RemcosRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day5_LNK_RemcosRat.yar -------------------------------------------------------------------------------- /fr0gger/Day6_Magic.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day6_Magic.md -------------------------------------------------------------------------------- /fr0gger/Day7_Richash.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day7_Richash.yar -------------------------------------------------------------------------------- /fr0gger/Day_17_Rubeus_Typo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/Day_17_Rubeus_Typo -------------------------------------------------------------------------------- /fr0gger/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/README.md -------------------------------------------------------------------------------- /fr0gger/day14_MedusaLoaders.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/fr0gger/day14_MedusaLoaders.yar -------------------------------------------------------------------------------- /glesnewich/APT_IR_ShroudedSnooper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/APT_IR_ShroudedSnooper.yar -------------------------------------------------------------------------------- /glesnewich/APT_NK_TA444_SpectralBlur.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/APT_NK_TA444_SpectralBlur.yar -------------------------------------------------------------------------------- /glesnewich/APT_RU_TA422_EchoLaunch.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/APT_RU_TA422_EchoLaunch.yar -------------------------------------------------------------------------------- /glesnewich/APT_RU_Turla_TinyTurlaNG.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/APT_RU_Turla_TinyTurlaNG.yar -------------------------------------------------------------------------------- /glesnewich/INFO_7z_File.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_7z_File.yar -------------------------------------------------------------------------------- /glesnewich/INFO_ELF_Contains_iptable.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_ELF_Contains_iptable.yar -------------------------------------------------------------------------------- /glesnewich/INFO_Executable_HTML_Equities.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_Executable_HTML_Equities.yar -------------------------------------------------------------------------------- /glesnewich/INFO_Executable_HTML_Listener_Equities.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_Executable_HTML_Listener_Equities.yar -------------------------------------------------------------------------------- /glesnewich/INFO_LNK_CommandLine_Atoms.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_LNK_CommandLine_Atoms.yar -------------------------------------------------------------------------------- /glesnewich/INFO_LNK_SelfParsing.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_LNK_SelfParsing.yar -------------------------------------------------------------------------------- /glesnewich/INFO_Macho_LOOBins.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_Macho_LOOBins.yar -------------------------------------------------------------------------------- /glesnewich/INFO_Macho_Long_RPATH.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_Macho_Long_RPATH.yar -------------------------------------------------------------------------------- /glesnewich/INFO_Macho_Scripting_Execution.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/INFO_Macho_Scripting_Execution.yar -------------------------------------------------------------------------------- /glesnewich/MAL_Zardoor.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/MAL_Zardoor.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_Base64_String_in_base64.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_Base64_String_in_base64.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_DLL_All_LowerCase_Exports.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_DLL_All_LowerCase_Exports.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_DLL_Duplicated_First_ExportNames.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_DLL_Duplicated_First_ExportNames.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_LNK_Contains_PE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_LNK_Contains_PE.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_LNK_Embedded_ISO.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_LNK_Embedded_ISO.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_LNK_FileSize_Header_Anomalies.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_LNK_FileSize_Header_Anomalies.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_LoadLibraryA_mutations.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_LoadLibraryA_mutations.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_MinimalImports.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_MinimalImports.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_Obfuscated_Mozilla.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_Obfuscated_Mozilla.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_Obfuscated_Powershell.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_Obfuscated_Powershell.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_PE_HashLike_Features.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_PE_HashLike_Features.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_PE_RSRC_Strings_Ref_64_and_32.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_PE_RSRC_Strings_Ref_64_and_32.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_PE_References_Lua.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_PE_References_Lua.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_PE_Unusual_Imported_Library_Names.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_PE_Unusual_Imported_Library_Names.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_References_Likely_Traffic_Sniffing.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_References_Likely_Traffic_Sniffing.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_kernel32_mutations.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_kernel32_mutations.yar -------------------------------------------------------------------------------- /glesnewich/SUSP_ntdlldll_mutation.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/SUSP_ntdlldll_mutation.yar -------------------------------------------------------------------------------- /glesnewich/TTP_RegOpenKeyExA_HKEY_Operations.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/glesnewich/TTP_RegOpenKeyExA_HKEY_Operations.yar -------------------------------------------------------------------------------- /joe/INFO_LNK_Findstr_NSLookup_CMD_LNK.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/joe/INFO_LNK_Findstr_NSLookup_CMD_LNK.yar -------------------------------------------------------------------------------- /keaton/generic_pdf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/keaton/generic_pdf.yara -------------------------------------------------------------------------------- /larsborn/Day_001.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_001.yara -------------------------------------------------------------------------------- /larsborn/Day_002.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_002.yara -------------------------------------------------------------------------------- /larsborn/Day_003.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_003.yara -------------------------------------------------------------------------------- /larsborn/Day_004.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_004.yara -------------------------------------------------------------------------------- /larsborn/Day_005.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_005.yara -------------------------------------------------------------------------------- /larsborn/Day_006.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_006.yara -------------------------------------------------------------------------------- /larsborn/Day_007.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_007.yara -------------------------------------------------------------------------------- /larsborn/Day_008.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_008.yara -------------------------------------------------------------------------------- /larsborn/Day_009.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_009.yara -------------------------------------------------------------------------------- /larsborn/Day_010.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_010.yara -------------------------------------------------------------------------------- /larsborn/Day_011.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_011.yara -------------------------------------------------------------------------------- /larsborn/Day_012.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_012.yara -------------------------------------------------------------------------------- /larsborn/Day_013.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_013.yara -------------------------------------------------------------------------------- /larsborn/Day_014.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_014.yara -------------------------------------------------------------------------------- /larsborn/Day_015.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_015.yara -------------------------------------------------------------------------------- /larsborn/Day_016.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_016.yara -------------------------------------------------------------------------------- /larsborn/Day_017.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_017.yara -------------------------------------------------------------------------------- /larsborn/Day_018.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_018.yara -------------------------------------------------------------------------------- /larsborn/Day_019.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_019.yara -------------------------------------------------------------------------------- /larsborn/Day_020.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_020.yara -------------------------------------------------------------------------------- /larsborn/Day_021.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_021.yara -------------------------------------------------------------------------------- /larsborn/Day_022.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_022.yara -------------------------------------------------------------------------------- /larsborn/Day_023.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_023.yara -------------------------------------------------------------------------------- /larsborn/Day_024.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_024.yara -------------------------------------------------------------------------------- /larsborn/Day_025.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_025.yara -------------------------------------------------------------------------------- /larsborn/Day_026.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/larsborn/Day_026.yara -------------------------------------------------------------------------------- /petermstewart/100DaysofYARA-2024.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/100DaysofYARA-2024.yar -------------------------------------------------------------------------------- /petermstewart/FILE_filetypes.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/FILE_filetypes.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_PDF_contains_TLP.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_PDF_contains_TLP.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_Ransomware_generic_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_Ransomware_generic_strings.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_Royal_RSA_Public_Key.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_Royal_RSA_Public_Key.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_Signal_Desktop_File_References.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_Signal_Desktop_File_References.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_StripedFly.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_StripedFly.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_hacktool_ascii_art.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_hacktool_ascii_art.yar -------------------------------------------------------------------------------- /petermstewart/HUNT_nopsled.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/HUNT_nopsled.yar -------------------------------------------------------------------------------- /petermstewart/MAL_APT_SugarGhost.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_APT_SugarGhost.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Backdoor_SQLMaggie.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Backdoor_SQLMaggie.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Backdoor_SystemBC.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Backdoor_SystemBC.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_AsyncRAT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_AsyncRAT.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_BruteRatel_BRC4.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_BruteRatel_BRC4.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_CobaltStrike.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_CobaltStrike.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_DarkComet.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_DarkComet.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Mythic.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Mythic.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Netwire.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Netwire.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Nighthawk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Nighthawk.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Nimplant.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Nimplant.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_PingRAT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_PingRAT.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Remcos.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Remcos.yar -------------------------------------------------------------------------------- /petermstewart/MAL_C2_Sliver.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_C2_Sliver.yar -------------------------------------------------------------------------------- /petermstewart/MAL_FIN13.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_FIN13.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Loader_BumbleBee.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Loader_BumbleBee.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Loader_KrustyLoader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Loader_KrustyLoader.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Loader_PrivateLoader.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Loader_PrivateLoader.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Miner_LemonDuck.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Miner_LemonDuck.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Miner_XMRig.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Miner_XMRig.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Abyss.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Abyss.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Akira.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Akira.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_BlackCat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_BlackCat.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_BlackSuit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_BlackSuit.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Cactus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Cactus.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Chaos.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Chaos.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_GAZPROM.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_GAZPROM.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_H0lyGh0st.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_H0lyGh0st.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_HuntersInternational.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_HuntersInternational.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Kuiper.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Kuiper.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Lckmac.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Lckmac.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Lockbit.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Lockbit.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_NoVirus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_NoVirus.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Royal.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Royal.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Trigona.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Trigona.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Turtle.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Turtle.yar -------------------------------------------------------------------------------- /petermstewart/MAL_Ransomware_Yanluowang.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/MAL_Ransomware_Yanluowang.yar -------------------------------------------------------------------------------- /petermstewart/PUP_Cloudflared.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/PUP_Cloudflared.yar -------------------------------------------------------------------------------- /petermstewart/PUP_NetworkScanners.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/PUP_NetworkScanners.yar -------------------------------------------------------------------------------- /petermstewart/PUP_RemoteManagement.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/PUP_RemoteManagement.yar -------------------------------------------------------------------------------- /petermstewart/TTP_WIP19_bad_cert.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_WIP19_bad_cert.yar -------------------------------------------------------------------------------- /petermstewart/TTP_anti-forensics.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_anti-forensics.yar -------------------------------------------------------------------------------- /petermstewart/TTP_contains_onion_address.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_contains_onion_address.yar -------------------------------------------------------------------------------- /petermstewart/TTP_cryptocurrency.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_cryptocurrency.yar -------------------------------------------------------------------------------- /petermstewart/TTP_cryptominer_generic_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_cryptominer_generic_strings.yar -------------------------------------------------------------------------------- /petermstewart/TTP_download_commands.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/petermstewart/TTP_download_commands.yar -------------------------------------------------------------------------------- /qutluch/Day_001.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_001.yar -------------------------------------------------------------------------------- /qutluch/Day_002.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_002.yar -------------------------------------------------------------------------------- /qutluch/Day_003.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_003.yar -------------------------------------------------------------------------------- /qutluch/Day_004.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_004.yar -------------------------------------------------------------------------------- /qutluch/Day_005.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_005.yar -------------------------------------------------------------------------------- /qutluch/Day_006.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_006.yar -------------------------------------------------------------------------------- /qutluch/Day_007.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_007.yar -------------------------------------------------------------------------------- /qutluch/Day_008.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_008.yar -------------------------------------------------------------------------------- /qutluch/Day_009.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_009.yar -------------------------------------------------------------------------------- /qutluch/Day_010.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_010.yar -------------------------------------------------------------------------------- /qutluch/Day_011.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_011.yar -------------------------------------------------------------------------------- /qutluch/Day_012.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_012.yar -------------------------------------------------------------------------------- /qutluch/Day_013.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_013.yar -------------------------------------------------------------------------------- /qutluch/Day_014.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_014.yar -------------------------------------------------------------------------------- /qutluch/Day_015.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_015.yar -------------------------------------------------------------------------------- /qutluch/Day_016.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_016.yar -------------------------------------------------------------------------------- /qutluch/Day_017.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_017.yar -------------------------------------------------------------------------------- /qutluch/Day_018.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_018.yar -------------------------------------------------------------------------------- /qutluch/Day_019.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_019.yar -------------------------------------------------------------------------------- /qutluch/Day_020.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_020.yar -------------------------------------------------------------------------------- /qutluch/Day_021.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_021.yar -------------------------------------------------------------------------------- /qutluch/Day_022.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_022.yar -------------------------------------------------------------------------------- /qutluch/Day_023.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_023.yar -------------------------------------------------------------------------------- /qutluch/Day_024.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_024.yar -------------------------------------------------------------------------------- /qutluch/Day_025.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_025.yar -------------------------------------------------------------------------------- /qutluch/Day_026.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_026.yar -------------------------------------------------------------------------------- /qutluch/Day_027.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_027.yar -------------------------------------------------------------------------------- /qutluch/Day_028.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_028.yar -------------------------------------------------------------------------------- /qutluch/Day_029.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_029.yar -------------------------------------------------------------------------------- /qutluch/Day_030.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_030.yar -------------------------------------------------------------------------------- /qutluch/Day_031.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_031.yar -------------------------------------------------------------------------------- /qutluch/Day_032.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_032.yar -------------------------------------------------------------------------------- /qutluch/Day_033.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_033.yar -------------------------------------------------------------------------------- /qutluch/Day_034.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/qutluch/Day_034.yar -------------------------------------------------------------------------------- /stvemillertime/ct_headers.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_headers.yar -------------------------------------------------------------------------------- /stvemillertime/ct_mz_signed.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_mz_signed.yar -------------------------------------------------------------------------------- /stvemillertime/ct_pe_info.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_pe_info.yar -------------------------------------------------------------------------------- /stvemillertime/ct_size.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_size.yar -------------------------------------------------------------------------------- /stvemillertime/ct_size_bands.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_size_bands.yar -------------------------------------------------------------------------------- /stvemillertime/ct_size_bands_mz.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ct_size_bands_mz.yar -------------------------------------------------------------------------------- /stvemillertime/mal_statelytaurus.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/mal_statelytaurus.yar -------------------------------------------------------------------------------- /stvemillertime/mal_sugarghost_strings.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/mal_sugarghost_strings.yar -------------------------------------------------------------------------------- /stvemillertime/rule_to_create_rules.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/rule_to_create_rules.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_cmdline_ipconfig_flushdns.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_cmdline_ipconfig_flushdns.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_elf_etc_paths_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_elf_etc_paths_1.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_elf_systemd.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_elf_systemd.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_export_dll_name_uncommon.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_export_dll_name_uncommon.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_lib_openssl_no_version_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_lib_openssl_no_version_str.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_lib_pcap_elf_alt.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_lib_pcap_elf_alt.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_logging_42fnn.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_logging_42fnn.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_pe_size_of_code_gt_filesize.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_pe_size_of_code_gt_filesize.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_toolmark_extension_lists.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_toolmark_extension_lists.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_toolmark_iec104_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_toolmark_iec104_str.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_toolmark_mobile_net_number_str.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_toolmark_mobile_net_number_str.yar -------------------------------------------------------------------------------- /stvemillertime/ttp_toolmark_physicaldrive.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/100DaysofYARA/2024/HEAD/stvemillertime/ttp_toolmark_physicaldrive.yar --------------------------------------------------------------------------------