Awesome

yarasigs

Custom rules for yara-integrated scans

signatures/cve.yar

• CVE-2012-0158 (Common OLE signature)
• CVE-2012-0158 (Newer variant)

signatures/apt.yar

• From AlienVault Labs
• http://labs.alienvault.com/labs/index.php/2013/yara-rules-for-apt1comment-crew-malware-arsenal/
• https://github.com/jaimeblasco/AlienvaultLabs/blob/master/malware_analysis/CommentCrew/apt1.yara

signatures/xplug.yar

• Possible XPlug variants (newer releases)
• Dynamic DLL abuse signatures

signatures/hangover.yar

• From AlienVault Labs
• http://labs.alienvault.com/labs/index.php/2013/yara-rules-and-network-detection-for-operation-hangover/
• https://github.com/jaimeblasco/AlienvaultLabs/tree/master/malware_analysis/Hangover