ThreatHunting-Keywords-yara-rules


Yara rules for Threat Hunting sessions

All the detection patterns from the threathunting-keywords project are automatically organized into YARA rules, one rule set per tool and keyword type. These YARA rules are designed for simple keyword detection, aimed at threat hunting sessions and large-scale triage rather than scanning performance. A hit therefore means that a keyword associated with a tool was found in the file, not that the file is malicious: treat matches as leads to triage, and expect hits on legitimate administration tooling as well.
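To make the shape of such keyword rules concrete, the following added example builds one rule per tool and keyword type from a keyword list. It is illustration code, not the generator used by the threathunting-keywords project: the sample keywords, the rule naming scheme and the meta fields are assumptions, and only the string modifiers (nocase, ascii, wide) and the "any of" condition reflect what a keyword-detection rule needs.

```python
"""Build a keyword-style YARA rule from a list of hunting keywords.

Added example, not the generator used by the threathunting-keywords
project; it only mimics the shape of keyword-detection rules.
"""
import re

# Constructed sample input for one tool; not taken from the project.
SAMPLE_KEYWORDS = {
    "tool": "mimikatz",
    "keyword_type": "offensive_tool_keyword",
    "keywords": [
        "mimikatz.exe",
        "sekurlsa::logonpasswords",
        "privilege::debug",
        'C:\\Temp\\mimi "x"',   # exercises backslash and quote escaping
    ],
}


def yara_identifier(name: str) -> str:
    """YARA identifiers must match [A-Za-z_][A-Za-z0-9_]*; sanitize the name."""
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name)
    if not ident or ident[0].isdigit():
        ident = "_" + ident
    return ident


def yara_escape(keyword: str) -> str:
    """Escape a keyword for use inside a YARA double-quoted text string.

    Backslashes are doubled first, so the backslashes added for quotes
    afterwards are not doubled again.
    """
    return (keyword.replace("\\", "\\\\")
                   .replace('"', '\\"')
                   .replace("\n", "\\n")
                   .replace("\t", "\\t"))


def build_rule(tool: str, keyword_type: str, keywords: list) -> str:
    """Emit one rule for a tool/keyword-type pair.

    Each keyword becomes a case-insensitive string matched both as ASCII and
    as UTF-16LE ('wide'), so Windows logs, scripts and binaries are covered.
    Any single keyword hit fires the rule, which is what makes these rules
    cheap to generate but noisy on benign admin tooling.
    """
    seen = []
    for kw in keywords:
        if kw and kw not in seen:        # drop empties and duplicates
            seen.append(kw)
    lines = [f"rule {yara_identifier(tool)}_{yara_identifier(keyword_type)}", "{"]
    lines.append("    meta:")
    lines.append(f'        tool = "{yara_escape(tool)}"')
    lines.append(f'        keyword_type = "{yara_escape(keyword_type)}"')
    lines.append("    strings:")
    for i, kw in enumerate(seen, 1):
        lines.append(f'        $kw{i} = "{yara_escape(kw)}" nocase ascii wide')
    lines.append("    condition:")
    lines.append("        any of ($kw*)")
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rule(**SAMPLE_KEYWORDS))
```

The generated text can be fed straight to yara or yara-python; adding "wide" roughly doubles the string count, which is the usual trade-off between catching UTF-16 artifacts and scan speed.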

Two ruleset folders are available:

[screenshot of the two ruleset folders]

A separate rule file exists for each tool, grouped alphabetically into subdirectories to work around the GitHub limit of 1,000 files displayed per directory.

Scanning with the yara rules

The Python script scan.py enables cross-platform scanning of files and directories with the extracted YARA rules.

Scanning a directory or a file with a yara rule:

[screenshot]

Example of the JSON output file written with -o or --output:

[screenshot]

Scanning multiple directories or files with multiple yara rules:

[screenshots]
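The following is an added example of what such a cross-platform scanner looks like with yara-python; it is not the project's scan.py, and its flags, the JSON layout and the per-rule summary are assumptions. It compiles several rule files into one ruleset (namespaced by file name so same-named rules do not collide), walks files and directories, tolerates unreadable files and timeouts, and handles both the old tuple and the newer StringMatch form of yara-python's string matches.

```python
"""Cross-platform YARA scanner with JSON output.

Added example, not the project's scan.py. Needs yara-python
(pip install yara-python); the CLI flags and JSON layout are assumptions.
"""
import argparse
import json
import os
import sys
from datetime import datetime, timezone

try:
    import yara  # yara-python binding
except ImportError:  # keep the pure helpers importable without it
    yara = None


def iter_files(paths):
    """Yield regular files from a mix of files and directories (recursive)."""
    for path in paths:
        if os.path.isfile(path):
            yield path
        elif os.path.isdir(path):
            for root, _dirs, files in os.walk(path):
                for name in files:
                    yield os.path.join(root, name)
        else:
            print(f"warning: skipping {path!r} (not found)", file=sys.stderr)


def compile_rules(rule_paths):
    """Compile several .yar files into one ruleset, namespaced by file name."""
    if yara is None:
        raise RuntimeError("yara-python is required: pip install yara-python")
    namespaces = {os.path.splitext(os.path.basename(p))[0]: p for p in rule_paths}
    return yara.compile(filepaths=namespaces)


def flatten_strings(match, max_bytes=64):
    """(identifier, offset, data) triples for a yara.Match; copes with the
    tuple form (yara-python < 4.3) and StringMatch objects (>= 4.3)."""
    hits = []
    for s in match.strings:
        if isinstance(s, tuple):                    # (offset, identifier, data)
            offset, ident, data = s
            hits.append((ident, offset, data[:max_bytes].decode("latin-1")))
        else:                                       # yara.StringMatch
            for inst in s.instances:
                hits.append((s.identifier, inst.offset,
                             inst.matched_data[:max_bytes].decode("latin-1")))
    return hits


def match_record(path, rule, namespace, meta, string_hits):
    """One JSON-serializable record per (file, rule) hit."""
    return {
        "file": os.path.abspath(path),
        "rule": rule,
        "namespace": namespace,
        "meta": meta,
        "strings": [{"id": i, "offset": o, "data": d} for i, o, d in string_hits],
    }


def scan_paths(rules, paths, timeout=60):
    """Scan every file under paths and collect match records."""
    records = []
    for path in iter_files(paths):
        try:
            matches = rules.match(path, timeout=timeout)
        except yara.Error as exc:   # unreadable file, timeout, too many matches
            print(f"warning: {path}: {exc}", file=sys.stderr)
            continue
        for m in matches:
            records.append(match_record(path, m.rule, m.namespace,
                                        dict(m.meta), flatten_strings(m)))
    return records


def summarize(records):
    """Hits per rule, most-hit first; useful when triaging large scans."""
    counts = {}
    for r in records:
        counts[r["rule"]] = counts.get(r["rule"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def main(argv=None):
    ap = argparse.ArgumentParser(description="Scan files/directories with YARA rules")
    ap.add_argument("-r", "--rules", nargs="+", required=True, help=".yar file(s)")
    ap.add_argument("-o", "--output", help="write the JSON report to this file")
    ap.add_argument("paths", nargs="+", help="files or directories to scan")
    args = ap.parse_args(argv)
    records = scan_paths(compile_rules(args.rules), args.paths)
    report = {"scanned_at": datetime.now(timezone.utc).isoformat(),
              "rules": args.rules, "paths": args.paths,
              "summary": summarize(records), "hits": records}
    if args.output:
        with open(args.output, "w", encoding="utf-8") as fh:
            json.dump(report, fh, indent=2)
    else:
        json.dump(report, sys.stdout, indent=2)
    return 1 if records else 0     # non-zero exit when something matched


if __name__ == "__main__":
    sys.exit(main())
```

Run it as, for instance, python scanner.py -r rules_a.yar rules_b.yar -o hits.json /evidence/host1 /evidence/host2 (hypothetical paths). Keyword rules match on every occurrence, so the per-rule summary is usually the first thing worth reading before opening individual hits.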

Integrated with bincapz

bincapz can enumerate program capabilities and malicious behaviors using its own rules together with this project's rules:

bincapz -third-party -all -stats myfolder