Netgate Discussion Forum

    Alternate definitions for ClamAV

      Stewart

      @Peen:

      Any insight on my previous post? Set it up as instructed. The DBs all update, and I checked the DBs were there. But I don't see them being applied. Also doesn't seem to be blocking anything more in my tests.

      This is what my DB says…

      Squid Version   3.5.19_1
      Antivirus Scanner   ClamAV 0.99.2    C-ICAP 0.4.3 +  SquidClamav 6.10
      Antivirus Bases
      Database Date Version Builder
      daily.cld 2016.09.19 22224 neo
      bytecode.cvd 2016.06.23 283 neo
      main.cvd 2016.03.16 57 amishhammer
      Last Update Mon Sep 19 17:03:48 2016
      Statistics Found 3 virus(es) total.

      If you run a freshclam and see them updating then they are in there.  What if you download a file to the box and run a clamscan on it?  If it catches it then it may be a proxy integration thing.

        AR15USR

        2 days with no more of the FPs. Looks like they are fixed, thanks sanesecurity…


        2.6.0-RELEASE

          Stewart

          @AR15USR:

          2 days with no more of the FPs. Looks like they are fixed, thanks sanesecurity…

          Yup, Steve is awesome!  You guys have no idea how responsive and helpful he's been.  Thanks @sanesecurity!

            IggyB

            Great thread. Thanks so much for this information and to sanesecurity for the DBs.

            Is there a way I could whitelist a specific website in clam .conf files?

              IggyB

              I also forgot to mention once you do load advanced configuration the settings on the page will be void.

              So if you want to disable ClamAV scanning of streamed audio/video while advanced mode is enabled, you can add this code to the end of squidclamav.conf:

              # Do not scan (streamed) videos and audios
              abort ^.*\.(flv|f4f|mp(3|4))(\?.*)?$
              abort ^.*\.(m3u|pls|wmx|aac|mpeg)(\?.*)?$
              abortcontent ^video\/x-flv$
              abortcontent ^video\/mp4$
              abortcontent ^audio\/mp4$
              abortcontent ^.*audio\/mp4.*$
              abortcontent ^video\/webm$
              abortcontent ^audio\/webm$
              abortcontent ^video\/MP2T$
              abortcontent ^audio\/wmx$
              abortcontent ^audio\/mpeg$
              abortcontent ^audio\/aac$
              abortcontent ^.*application\/x-mms-framed.*$

              2. In freshclam.conf don't forget to change to your nearest server. Do not touch one below described as "database.clamav.net is round-robin"

              Mine is Australia

              # Uncomment the following line and replace XY with your country
              # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
              # You can use db.XY.ipv6.clamav.net for IPv6 connections.
              DatabaseMirror db.au.clamav.net

                AR15USR

                Thanks IggyB..


                2.6.0-RELEASE

                  asterix

                  After updating to above settings I am getting this false positive Virus detected warning in diag_edit.php of pfSense page. How can I get rid of this?

                  SquidClamav 6.10: Virus detected!

                  The requested URL http://192.168.1.1/diag_edit.php contains a virus
                  Virus name: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL

                  This file cannot be downloaded.

                  Origin: - / -

                    Impatient

                    You can try this https://forum.pfsense.org/index.php?topic=120154.msg664657#msg664657 for a temporary workaround, but I believe that disables the definition.

                    Otherwise you will have to contact sane security.

                      asterix

                      Thanks, that worked.

                        johnabbot

                        The alternative definitions have been triggering on iOS app updates of late.

                        Has anyone else seen this behaviour?

                        VIRUS FOUND Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL

                        http://appldnld.apple.com/ios10.0/091-00410-20170307-333298AC-FD56-11E6-A830-06ECE1925776/com_apple_MobileAsset_CoreSuggestions/5b0b88c6446d899e5bec5a5ac298ed55bbbf1cbb.zip

                          doktornotor Banned

                          The FPs need to be reported to the signatures maintainer. (But please understand that these things are mostly made for email AV filtering.)

                            AR15USR

                            Yes I've been getting those too. You can report it here:

                            http://sanesecurity.com/support/false-positives/


                            2.6.0-RELEASE

                              extremeshok

                              Hi

                              We are busy adding full support for pfsense to the next version of the script :  https://github.com/extremeshok/clamav-unofficial-sigs

                              Please post issues here: https://github.com/extremeshok/clamav-unofficial-sigs/issues/

                                extremeshok

                                5.6.1 released with pfsense support : https://github.com/extremeshok/clamav-unofficial-sigs

                                Install guide is here : https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/guides/pfsense.md

                                Version 5.6.1 (updated 2017-03-18)
                                
                                eXtremeSHOK.com Maintenance
                                Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
                                Codeclimate fixes
                                Incremented the config to version 73
                                Version 5.6 (updated 2017-03-17)
                                
                                eXtremeSHOK.com Maintenance
                                PGP is now optional and no longer a requirement and pgp support is auto-detected
                                Full support for MacOS / OS X and added clamav install guide
                                Full support for pfSense and added clamav install guide
                                Added os configs for Zimbra and Debian 8 with systemd
                                Much better error messages with possible solutions given
                                Better checking of possible issues
                                Update all SANESECURITY signature databases
                                Support for clamav-devel (clamav compiled from source)
                                Added full proxy support to wget and curl
                                Replace a lot of "echo | cut | sed" with bash substitutions
                                Added fallbacks/substitutions for various commands
                                xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
                                Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
                                Allow exit code 23 for rsync
                                Major refactoring : Normalize comments, quotes, functions, conditions
                                Protect various arguments and "POSIX-ize" script integrity
                                Enhanced testing with travis-ci, including clamav 0.99
                                Incremented the config to version 72
                                
                                  johnabbot

                                  Thank you for this.

                                  All went well here except.

                                  WARNING: Failed connection to http://cdn.rfxn.com/downloads - SKIPPED linuxmalwaredetect rfxn.ndb update
                                  
                                    johnabbot

                                    Hi

                                    Where does Clam AV store the files it believes are viruses (or does it even)?

                                    I'd like to be able to extract them to check against Virus Total / RE them etc

                                    Anyone know the answer to this?

                                      johnabbot

                                      Hi

                                      I have an issue with a false positive, I've reported it ages ago but it keeps showing up.

                                      Anyone know how to remove Sanesecurity.Foxhole?

                                      The blizzard of false positives is obscuring the real viruses it catches, which is annoying.

                                      Cheers

                                      Jon

                                      1 Reply Last reply Reply Quote 0
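
For the per-signature false positives raised in this thread, ClamAV can skip individual signatures named in a local `.ign2` file kept in its database directory. The sketch below is an added example, not code from any poster or project: the log lines and function names are constructed, and it assumes one exact signature name per line, written without the `.UNOFFICIAL` suffix.

```python
import re
from collections import Counter

# Constructed detection lines in the two formats quoted in this thread.
SAMPLE_LOG = """\
Virus name: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL
VIRUS FOUND Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL
VIRUS FOUND Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL
VIRUS FOUND Eicar-Test-Signature
"""

SUFFIX = ".UNOFFICIAL"  # appended by ClamAV to third-party signature names
DETECTION = re.compile(r"(?:Virus name:|VIRUS FOUND)\s+(\S+)")


def strip_suffix(name):
    return name[: -len(SUFFIX)] if name.endswith(SUFFIX) else name


def detections(log_text):
    """Return (hits per signature name, set of third-party names)."""
    counts, third_party = Counter(), set()
    for match in DETECTION.finditer(log_text):
        raw = match.group(1)
        name = strip_suffix(raw)
        if raw.endswith(SUFFIX):
            third_party.add(name)
        counts[name] += 1
    return counts, third_party


def family_counts(counts):
    """Group hits by the first two name components to show which set is noisy."""
    families = Counter()
    for name, hits in counts.items():
        families[".".join(name.split(".")[:2])] += hits
    return families


def build_ign2(existing_text, confirmed_fp, counts, third_party):
    """Merge operator-confirmed false positives into the ignore list.

    Only names the operator has reviewed are added; nothing is ignored
    just because it fired. Policy of this example: refuse names that never
    appeared in the log (typo or family prefix) and official signatures.
    """
    entries = {line.strip() for line in existing_text.splitlines() if line.strip()}
    for raw in confirmed_fp:
        name = strip_suffix(raw)
        if name not in counts:
            raise ValueError(f"{name}: not an exact name seen in the log")
        if name not in third_party:
            raise ValueError(f"{name}: official signature, report it upstream")
        entries.add(name)
    return sorted(entries)


if __name__ == "__main__":
    counts, third_party = detections(SAMPLE_LOG)
    for family, hits in family_counts(counts).most_common():
        print(f"{hits:3d}  {family}")
    reviewed = ["Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL"]
    print("\n".join(build_ign2("", reviewed, counts, third_party)))
```

Because entries are whole names, a family such as Sanesecurity.Foxhole needs one line per signature; reporting the false positive to the maintainer remains the lasting fix.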
                                        smolka_J

                                        I figured I would post an update on a few things to add I've found if it helps others referencing this as I did, all pulled from my running config on pfSense 22.01 and can be placed in the noted files without setting the manual config option if familiar between command line in the GUI and/or a Putty console:

                                        Do not scan (streamed) videos and audios: place in "/usr/local/etc/c-icap/squidclamav.conf" and remove the # to enable the extras if wanted:

                                        abort ^.*\.(wav|aiff|ogg|flac|opus|flv|f4f|m2a|mjpeg|mov|mp(2|3|4))(\?.*)?$
                                        abort ^.*\.(avi|avs|mpg|asf|mkv|dv|m1v|m2v|m3u|pls|wmx|aac|mpeg|ogm|ogv|ts)(\?.*)?$
                                        abortcontent ^video\/x-flv$
                                        abortcontent ^audio\/aiff$
                                        abortcontent ^video\/mp4$
                                        abortcontent ^audio\/mp4$
                                        abortcontent ^.*audio\/mp4.*$
                                        abortcontent ^video\/webm$
                                        abortcontent ^audio\/webm$
                                        abortcontent ^video\/mp2t$
                                        abortcontent ^audio\/wmx$
                                        abortcontent ^audio\/mpeg$
                                        abortcontent ^audio\/x-mpeg$
                                        abortcontent ^audio\/aac$
                                        abortcontent ^video\/x-msvideo$
                                        abortcontent ^video\/msvideo$
                                        abortcontent ^video\/avi$
                                        abortcontent ^video\/mpeg$
                                        abortcontent ^video\/x-mpeg$
                                        abortcontent ^video\/ogg$
                                        abortcontent ^audio\/ogg$
                                        abortcontent ^audio\/opus$
                                        abortcontent ^video\/mp2t$
                                        abortcontent ^audio\/wav$
                                        abortcontent ^video\/3gpp$
                                        abortcontent ^audio\/3gpp$
                                        abortcontent ^video\/3gpp2$
                                        abortcontent ^audio\/3gpp2$
                                        abortcontent ^video\/x-motion-jpeg$
                                        abortcontent ^video\/x-dv$
                                        abortcontent ^video\/x-ms-asf$
                                        abortcontent ^video\/quicktime$
                                        abortcontent ^.*application\/x-mms-framed.*$
                                        
                                        # Do not scan images
                                        #abort ^.*\.(ico|gif|png|jpg)$
                                        #abortcontent ^image\/.*$
                                        
                                        # Do not scan text files
                                        #abort ^.*\.(css|xml|xsl|js|html|jsp)$
                                        #abortcontent ^text\/.*$
                                        #abortcontent ^application\/x-javascript$
                                        
                                        # Do not scan streamed videos
                                        #abortcontent ^video\/x-flv$
                                        #abortcontent ^video\/mp4$
                                        
                                        # Do not scan flash files
                                        #abort ^.*\.swf$
                                        #abortcontent ^application\/x-shockwave-flash$
                                        
                                        # Do not scan sequence of framed Microsoft Media Server (MMS) data packets
                                        #abortcontent ^.*application\/x-mms-framed.*$
                                        
                                        # White list some sites
                                        #whitelist .*\.clamav.net
                                        

                                        Following Securiteinfo guide to ensure maximum detection rates, I did edit my clamd.conf and enabled the PUA option but found I first had to enable that in the GUI first before editing the suggested clamd.conf file and proceeded to do the same in the other two copies pfSense builds the running file from on reboots/reloads. Each of the following are located in "/usr/local/etc/c-icap/" :
                                        "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense"
                                        modified these lines:

                                        DetectPUA yes
                                        ExcludePUA PUA.Win.Packer
                                        ExcludePUA PUA.Win.Trojan.Packed
                                        ExcludePUA PUA.Win.Trojan.Molebox
                                        ExcludePUA PUA.Win.Packer.Upx
                                        ExcludePUA PUA.Doc.Packed
                                        MaxScanSize 150M
                                        MaxFileSize 100M
                                        MaxRecursion 40
                                        MaxEmbeddedPE 100M
                                        MaxHTMLNormalize 50M
                                        MaxScriptNormalize 50M
                                        MaxZipTypeRcg 50M
                                        
                                        S 1 Reply Last reply Reply Quote 0
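
The `abort` and `abortcontent` lists in the squidclamav.conf posts above exempt traffic from scanning based on the request URL and the response's Content-Type header, so it helps to check exactly which requests a rule set lets through unscanned and whether every rule still compiles. The following is an added example, not code from the posters or from SquidClamav: the sample config and requests are constructed, the function names are hypothetical, and case-insensitive matching is an assumption (pass `ignore_case=False` if your build differs).

```python
import re

# Constructed sample in squidclamav.conf syntax, using rules quoted in this thread.
SAMPLE_CONF = r"""
# Do not scan (streamed) videos and audios
abort ^.*\.(flv|f4f|mp(3|4))(\?.*)?$
abortcontent ^video\/mp4$
abortcontent ^.*audio\/mp4.*$
# Do not scan text files (left commented out)
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
# Constructed damaged rule: asterisks and backslashes lost in copy/paste
abort ^..(flv|f4f|mp(3|4))(?.)?$
"""

DIRECTIVES = ("abort", "abortcontent")


def parse_rules(conf_text, ignore_case=True):
    """Return (rules, errors).

    rules:  [(line number, directive, pattern, compiled regex)]
    errors: [(line number, pattern, message)] for rules that do not compile
    """
    flags = re.IGNORECASE if ignore_case else 0
    rules, errors = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled rule
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] not in DIRECTIVES:
            continue  # other settings are out of scope for this check
        directive, pattern = parts[0], parts[1].strip()
        try:
            rules.append((lineno, directive, pattern, re.compile(pattern, flags)))
        except re.error as exc:
            errors.append((lineno, pattern, str(exc)))
    return rules, errors


def exempting_rule(rules, url, content_type):
    """Return (line number, directive, pattern) of the first rule that
    would skip the scan for this request, or None if it is scanned."""
    for lineno, directive, pattern, regex in rules:
        subject = url if directive == "abort" else content_type
        if subject and regex.search(subject):
            return (lineno, directive, pattern)
    return None


if __name__ == "__main__":
    rules, errors = parse_rules(SAMPLE_CONF)
    for lineno, pattern, message in errors:
        print(f"line {lineno}: invalid rule {pattern!r}: {message}")
    # Constructed requests: (URL, Content-Type of the response)
    requests = [
        ("http://media.example/clip.mp4?start=10", "video/mp4"),
        ("http://files.example/archive.zip", "application/zip"),
        ("http://files.example/archive.zip", "video/mp4"),
        ("http://cdn.example/get?id=7", "audio/mp4; codecs=mp4a.40.2"),
    ]
    for url, ctype in requests:
        hit = exempting_rule(rules, url, ctype)
        verdict = f"NOT scanned (line {hit[0]}: {hit[1]})" if hit else "scanned"
        print(f"{url}  [{ctype}]  ->  {verdict}")
```

The third sample request shows that an `abortcontent` match exempts a response whatever its URL or payload, which is the reason to keep these lists as narrow as the media you actually need to pass.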
                                          smolka_J

                                          The following DatabaseCustomURLs can be added to the freshclam conf files to gain more ClamAV signatures/definitions for more effective use. I added it to all three files to carry over through reboots/reloads. These files are located in "/usr/local/etc/": "freshclam.conf", "freshclam.conf.pfsense", and "freshclam.conf.default". I found going this method to add these is more up to date than ExtremeShok's built-in list and just as much work if not easier to get fully working. I also added at the top an updated list of entries for anyone with Premium subscription to Securiteinfo's 0-Day files to make sure you get them all:

                                          # Malwarepatrol - Need to signup for free and replace all x's with receipt code and remove # to enable
                                          
                                          #DatabaseCustomURL https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=32&list=clamav_basic
                                          
                                          
                                          # SecuriteInfo signatures
                                          
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.hdb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.ign2
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/javascript.ndb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/spam_marketing.ndb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfohtml.hdb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoascii.hdb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoandroid.hdb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoold.hdb
                                          DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfopdf.hdb
                                          
                                          # Remove the below # to enable if you have Securiteinfo Premium Subscription
                                          
                                          #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo0hour.hdb # Premium Subscription
                                          #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.mdb # Premium Subscription
                                          #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.pdb # Premium Subscription
                                          #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.yara # Premium Subscription
                                          
                                          
                                          ## All others found working on 22.01
                                          
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sanesecurity.ftm
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sigwhitelist.ign2
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbla.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phishtank.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phish.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/scam.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.hsb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/rogue.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_cracked_URL.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_URL.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_phishing_URL.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_attach.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/shelter.ldb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/hackingteam.hsb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/malwarehash.hsb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spear.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spearl.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_phish_complete_url.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware_links.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.attachments.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_bad_cw.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_spam_complete.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware_links.ndb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.complex.patterns.ldb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/crdfam.clamav.hdb
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_sigtest.yara
                                          DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_spam.yara
                                          DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
                                          DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
                                          DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.yara
                                          DatabaseCustomURL https://raw.githubusercontent.com/ditekshen/detection/master/clamav/clamav.ldb
                                          DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb
                                          DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Angler.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Blackhole.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_BleedingLife.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Crimepack.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Eleonore.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Fragus.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Phoenix.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Sakura.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_ZeroAcces.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zerox88.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zeus.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/000_common_rules.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT1.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT10.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT17.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT29_Grizzly_Steppe.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT9002.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Backspace.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bestia.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Blackenergy.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bluetermite_Emdivi.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_C16.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Carbanak.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Careto.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Casper.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_CheshireCat.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cloudduke.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cobalt.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Codoso.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DPRK_ROKRAT.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeepPanda_Anthem.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeputyDog.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Dubnium.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Duqu2.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EQUATIONGRP.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Emissary.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EnergeticBear_backdoored_ssh.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Equation.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FiveEyes.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Greenbug.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hellsing.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_HiddenCobra.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hikit.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Industroyer.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Irontiger.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Kaba.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Ke3Chang_TidePool.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_LotusBlossom.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Minidionis.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mirage.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Molerats.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mongall.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_MoonlightMaze.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_NGO.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OPCleaver.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Oilrig.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpClandestineWolf.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpDustStorm.yar
                                          DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpPotao.yar
                                          
                                          continued in next post...
                                          
                                          • S
                                            smolka_J

                                            Page 2 continued DatabaseCustomURLs:

                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PCclient.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Passcv.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Pipcreat.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Poseidon_Group.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Prikormka.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PutterPanda.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_RedLeaves.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Regin.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sauron_extras.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Scarab_Scieron.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Seaduke.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Snowglobe_Babar.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Bundestag.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Fysbis.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Jun16.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sphinx_Moth.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Stuxnet.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Terracota.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_ThreatGroup3390.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_TradeSecret.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Turla_Neuron.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_UP007_SLServer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Unit78020.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Waterbug.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WildNeutron.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Windigo_Onimiki.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Winnti.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WoolenGoldfish.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_eqgrp_apr17.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_dnc.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_downdelph.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_furtim.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/EXPERIMENTAL_Beef.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/GEN_PowerShell.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATMPot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATM_HelloWorld.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla_SMTP.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Alina.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Andromeda.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Arkei.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Athena.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Atmos.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BackdoorSSH.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Backoff.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bangat.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackRev.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackWorm.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Boouset.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bublik.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Buzus_Softpulse.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_CAP_HookExKeylogger.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Chicken.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Citadel.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cloaking.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cookies.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cxpid.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cythosia.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DDoSTf.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Derkziel.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Dexter.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DiamondFox.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DirtJumper.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Eicar.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Emotet.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Empire.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Exploit_UAC_Elevators.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ezcob.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_F0xy.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FALLCHILL.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FUDCrypt.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FakeM.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Fareit.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Favorite.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gafgyt.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Genome.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gozi.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Grozlex.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Hsdfihdf_banking.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Intel_Virtualization.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_IotReaper.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Jolob_Backdoor.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KINS.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kelihos.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KeyBase.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korlia.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korplug.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kovter.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kraken.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kwampirs.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lateral_Movement.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lenovo_Superfish.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxBew.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxHelios.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxMoose.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LostDoor.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LuaBot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MSILStealer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MacGyver.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Madness.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_backend.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_frontend.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_suspicious.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Mailers.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MedusaHTTP_2019.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miancha.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MiniAsp3_mem.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miscelanea_Linux.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Monero_Miner_installer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_NionSpy.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Notepad.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_OSX_Leverage.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PittyTiger.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PolishBankRat.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ponmocup.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Pony.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Predator.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PurpleWave.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PyPI.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Retefe.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rockloader.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rovnix.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sakurel.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sayad.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sendsafe.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shamoon.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shifu.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Skeleton.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Spora.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sqlite.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Stealer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tedroo.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tinba.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TreasureHunt.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TrickBot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Trumpbot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Upatre.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Urausy.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Virut_FileInfector_UNK_VERSION.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Volgmer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Wabot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XHide.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XMRIG_Miner.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XOR_DDos.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yayih.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yordanyan_ActiveAgent.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zegost.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zeus.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_adwind_RAT.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_hancitor.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kirbi_mimikatz.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kpot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_marap.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_shifu_shiz.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_sitrof_fortis_scar.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_viotto_keylogger.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/PapaAlfa.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/RomeoEcho.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/TangoAlfa.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/UniformJuliett.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/cert_wiper.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/general.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/suicidescripts.yara
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Bernhard.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_BruteforcingBot.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Easterjack.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_FastPOS.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_LogPOS.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_MalumPOS.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Mozart.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_.CRYPTXXX.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_777.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Alpha.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cerber.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Comodosec.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Crypren.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_CryptoNar.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cryptolocker.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DMALocker.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DoublePulsar_Petya.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Erebus.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GPGQwerty.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GoldenEye.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Locky.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Maze.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_PetrWrap.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya_MS17_010.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Pico.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Satana.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Shiva.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Sigma.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Snake.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_TeslaCrypt.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Tox.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_acroware.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_jeff_dev.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_locdoor.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_screenlocker_5h311_1nj3c706.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_shrug2.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_termite.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adwind.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adzok.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Asyncrat.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_BlackShades.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bolonyokte.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bozok.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Cerberus.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Crimson.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_CyberGate.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_FlyingKitten.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gh0st.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gholee.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Glass.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Havex.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Indetectables.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Meterpreter_Reverse_Tcp.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Nanocore.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_NetwiredRC.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Orcus.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PlugX.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATDoc.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATPython.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoisonIvy.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Ratdecoders.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Sakula.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ShadowTech.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Shim.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Terminator.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ZoxPNG.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_jRAT.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT20.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Chinese_Hacktools.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Dubrute.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Gen_powerkatz.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_PassTheHash.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Pwdump.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_GUID.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_Name.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Solarwinds_credential_stealer.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Wineggdrop.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_exe2hex_payload.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0887.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-1297.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2012-0158.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0074.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0422.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-1701.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2426.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2545.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-5119.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2016-5195.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2017-11882.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-20250.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-4878.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/extortion_email.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_generic_phishing.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/EMAIL_Cryptowall.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_fake_it_maintenance_bulletin.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/email_Ukraine_BE_powerattack.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_ASPXSpy.yar
                                            DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_Drupalgeddon2_icos.yar
                                            