├── LICENSE
├── README.md
├── example_models
│   ├── LICENSE
│   ├── generic_macho_detector_jan28_2020
│   │   ├── benign_test_hashes.txt
│   │   ├── benign_training_hashes.txt
│   │   ├── generic_macho_detector.rule
│   │   ├── malware_test_hashes.txt
│   │   └── malware_training_hashes.txt
│   ├── generic_powershell_detector_jan28_2020
│   │   ├── LICENSE
│   │   ├── benign_test_hashes.txt
│   │   ├── benign_training_hashes.txt
│   │   ├── generic_powershell_detector.rule
│   │   ├── malware_test_hashes.txt
│   │   ├── malware_training_hashes.txt
│   │   └── validation_roc_with_recommended_thresholds.png
│   └── solarwinds_pe_detector_dec15_2020
│       ├── solarwinds_detector.yara
│       └── solarwinds_detector_fpr_tpr_data.txt
└── yaraml_generator
    ├── LICENSE
    ├── README.md
    ├── requirements.txt
    ├── setup.py
    └── yaraml
        ├── __init__.py
        ├── __main__.py
        ├── convert_linear.py
        ├── convert_tree.py
        ├── features.py
        └── logline.py

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/README.md
--------------------------------------------------------------------------------

/example_models/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/LICENSE
--------------------------------------------------------------------------------

/example_models/generic_macho_detector_jan28_2020/benign_test_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_macho_detector_jan28_2020/benign_test_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_macho_detector_jan28_2020/benign_training_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_macho_detector_jan28_2020/benign_training_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_macho_detector_jan28_2020/generic_macho_detector.rule:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_macho_detector_jan28_2020/generic_macho_detector.rule
--------------------------------------------------------------------------------

/example_models/generic_macho_detector_jan28_2020/malware_test_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_macho_detector_jan28_2020/malware_test_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_macho_detector_jan28_2020/malware_training_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_macho_detector_jan28_2020/malware_training_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/LICENSE
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/benign_test_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/benign_test_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/benign_training_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/benign_training_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/generic_powershell_detector.rule:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/generic_powershell_detector.rule
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/malware_test_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/malware_test_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/malware_training_hashes.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/malware_training_hashes.txt
--------------------------------------------------------------------------------

/example_models/generic_powershell_detector_jan28_2020/validation_roc_with_recommended_thresholds.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/generic_powershell_detector_jan28_2020/validation_roc_with_recommended_thresholds.png
--------------------------------------------------------------------------------

/example_models/solarwinds_pe_detector_dec15_2020/solarwinds_detector.yara:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/solarwinds_pe_detector_dec15_2020/solarwinds_detector.yara
--------------------------------------------------------------------------------

/example_models/solarwinds_pe_detector_dec15_2020/solarwinds_detector_fpr_tpr_data.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/example_models/solarwinds_pe_detector_dec15_2020/solarwinds_detector_fpr_tpr_data.txt
--------------------------------------------------------------------------------

/yaraml_generator/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/LICENSE
--------------------------------------------------------------------------------

/yaraml_generator/README.md:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

/yaraml_generator/requirements.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/requirements.txt
--------------------------------------------------------------------------------

/yaraml_generator/setup.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/setup.py
--------------------------------------------------------------------------------

/yaraml_generator/yaraml/__init__.py:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

/yaraml_generator/yaraml/__main__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/yaraml/__main__.py
--------------------------------------------------------------------------------

/yaraml_generator/yaraml/convert_linear.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/yaraml/convert_linear.py
--------------------------------------------------------------------------------

/yaraml_generator/yaraml/convert_tree.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/yaraml/convert_tree.py
--------------------------------------------------------------------------------

/yaraml_generator/yaraml/features.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/yaraml/features.py
--------------------------------------------------------------------------------

/yaraml_generator/yaraml/logline.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophos/yaraml_rules/HEAD/yaraml_generator/yaraml/logline.py
--------------------------------------------------------------------------------