diff --git a/yara/index.yara b/yara/index.yara
new file mode 100644
index 0000000..b0aebb5
--- /dev/null
+++ b/yara/index.yara
@@ -0,0 +1,261 @@ +include "./virus/Win32.Virus.Elerad.yara" +include "./virus/Win32.Virus.Negt.yara" +include "./virus/Win32.Virus.DeadCode.yara" +include "./virus/Win32.Virus.Cmay.yara" +include "./virus/Win32.Virus.Mocket.yara" +include "./virus/Win32.Virus.Awfull.yara" +include "./virus/Win32.Virus.Greenp.yara" +include "./virus/Linux.Virus.Vit.yara" +include "./trojan/Win32.Trojan.HermeticWiper.yara" +include "./trojan/Win32.Trojan.CaddyWiper.yara" +include "./trojan/Win32.Trojan.Emotet.yara" +include "./trojan/Win32.Trojan.IsaacWiper.yara" +include "./trojan/Win32.Trojan.Dridex.yara" +include "./trojan/Win32.Trojan.TrickBot.yara" +include "./exploit/Win32.Exploit.CVE20200601.yara" +include "./infostealer/Win32.Infostealer.MultigrainPOS.yara" +include "./infostealer/Win32.Infostealer.ProjectHookPOS.yara" +include "./ransomware/Win32.Ransomware.ZeroCrypt.yara" +include "./ransomware/Win32.Ransomware.HydraCrypt.yara" +include "./ransomware/Win32.Ransomware.CryptoJoker.yara" +include "./ransomware/Win32.Ransomware.BlackCat.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Venom.yara" +include "./ransomware/Win64.Ransomware.BlackBasta.yara" +include "./ransomware/Win32.Ransomware.Makop.yara" +include "./ransomware/Win32.Ransomware.IFN643.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara" +include "./ransomware/Win32.Ransomware.Ransomexx.yara" +include "./ransomware/Win32.Ransomware.BitCrypt.yara" +include "./ransomware/Win32.Ransomware.Babuk.yara" +include "./ransomware/Win32.Ransomware.Marlboro.yara" +include "./ransomware/Win32.Ransomware.Atlas.yara" +include "./ransomware/Win32.Ransomware.Monalisa.yara" +include "./ransomware/Win32.Ransomware.Rokku.yara" +include "./ransomware/Win32.Ransomware.Teslarvng.yara" +include "./ransomware/Win32.Ransomware.BlackMoon.yara" +include "./ransomware/Win32.Ransomware.DearCry.yara" +include "./ransomware/Win32.Ransomware.MRAC.yara" +include "./ransomware/Win64.Ransomware.Ako.yara" +include 
"./ransomware/Win32.Ransomware.Nefilim.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Pacman.yara" +include "./ransomware/Win32.Ransomware.GandCrab.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara" +include "./ransomware/Win32.Ransomware.CryptoLocker.yara" +include "./ransomware/Win32.Ransomware.OphionLocker.yara" +include "./ransomware/Win32.Ransomware.Zoldon.yara" +include "./ransomware/Win32.Ransomware.Hermes.yara" +include "./ransomware/Win32.Ransomware.TechandStrat.yara" +include "./ransomware/Linux.Ransomware.LuckyJoe.yara" +include "./ransomware/Win64.Ransomware.HotCoffee.yara" +include "./ransomware/Win32.Ransomware.LeChiffre.yara" +include "./ransomware/Win32.Ransomware.BKRansomware.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Janelle.yara" +include "./ransomware/Win32.Ransomware.TBLocker.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.EAF.yara" +include "./ransomware/Win32.Ransomware.Blitzkrieg.yara" +include "./ransomware/Win32.Ransomware.HDDCryptor.yara" +include "./ransomware/Win32.Ransomware.GlobeImposter.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Dusk.yara" +include "./ransomware/Win32.Ransomware.Sherminator.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Hog.yara" +include "./ransomware/Win64.Ransomware.Wintenzz.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara" +include "./ransomware/Win32.Ransomware.KillDisk.yara" +include "./ransomware/Win32.Ransomware.HentaiOniichan.yara" +include "./ransomware/Win32.Ransomware.CryptoFortress.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Cring.yara" +include "./ransomware/Win32.Ransomware.WinWord64.yara" +include "./ransomware/Win32.Ransomware.Gpcode.yara" +include "./ransomware/Win32.Ransomware.Jormungand.yara" +include "./ransomware/Win32.Ransomware.Dragon.yara" +include "./ransomware/Win32.Ransomware.Skystars.yara" +include "./ransomware/Win32.Ransomware.Defray.yara" +include "./ransomware/Win32.Ransomware.Nemty.yara" 
+include "./ransomware/Win32.Ransomware.Jemd.yara" +include "./ransomware/Win64.Ransomware.DST.yara" +include "./ransomware/Win32.Ransomware.FCT.yara" +include "./ransomware/Win32.Ransomware.LooCipher.yara" +include "./ransomware/Win32.Ransomware.Kovter.yara" +include "./ransomware/Win32.Ransomware.RagnarLocker.yara" +include "./ransomware/Win32.Ransomware.Velso.yara" +include "./ransomware/Win32.Ransomware.FLKR.yara" +include "./ransomware/Win32.Ransomware.Knot.yara" +include "./ransomware/Win32.Ransomware.District.yara" +include "./ransomware/Win32.Ransomware.HDMR.yara" +include "./ransomware/Win32.Ransomware.DirtyDecrypt.yara" +include "./ransomware/Win32.Ransomware.HowAreYou.yara" +include "./ransomware/Win32.Ransomware.WaspLocker.yara" +include "./ransomware/Win64.Ransomware.SeedLocker.yara" +include "./ransomware/Win32.Ransomware.5ss5c.yara" +include "./ransomware/Win32.Ransomware.TargetCompany.yara" +include "./ransomware/Win32.Ransomware.Zeoticus.yara" +include "./ransomware/Win32.Ransomware.Flamingo.yara" +include "./ransomware/Win32.Ransomware.CryptoWall.yara" +include "./ransomware/Win32.Ransomware.Sanwai.yara" +include "./ransomware/Win32.Ransomware.HakunaMatata.yara" +include "./ransomware/Win64.Ransomware.RedRoman.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Namaste.yara" +include "./ransomware/Win32.Ransomware.GPGQwerty.yara" +include "./ransomware/Win32.Ransomware.Matsnu.yara" +include "./ransomware/Win32.Ransomware.DarkSide.yara" +include "./ransomware/Win32.Ransomware.DMALocker.yara" +include "./ransomware/Win32.Ransomware.Sifrelendi.yara" +include "./ransomware/Win32.Ransomware.Gibon.yara" +include "./ransomware/Win32.Ransomware.Erica.yara" +include "./ransomware/Win32.Ransomware.Crypren.yara" +include "./ransomware/Win32.Ransomware.Prometey.yara" +include "./ransomware/Win32.Ransomware.Lolkek.yara" +include "./ransomware/Win32.Ransomware.NB65.yara" +include "./ransomware/Win32.Ransomware.Cincoo.yara" +include 
"./ransomware/Win32.Ransomware.Pay2Key.yara" +include "./ransomware/Win32.Ransomware.Dualshot.yara" +include "./ransomware/Win32.Ransomware.JuicyLemon.yara" +include "./ransomware/Win32.Ransomware.Ferrlock.yara" +include "./ransomware/Win32.Ransomware.GarrantyDecrypt.yara" +include "./ransomware/Win32.Ransomware.RansomPlus.yara" +include "./ransomware/Win32.Ransomware.Delphimorix.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara" +include "./ransomware/Win32.Ransomware.Good.yara" +include "./ransomware/Win32.Ransomware.AnteFrigus.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Fantom.yara" +include "./ransomware/Win32.Ransomware.Reveton.yara" +include "./ransomware/Win32.Ransomware.TorrentLocker.yara" +include "./ransomware/Win32.Ransomware.FenixLocker.yara" +include "./ransomware/Win32.Ransomware.AvosLocker.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Apis.yara" +include "./ransomware/Win32.Ransomware.PXJ.yara" +include "./ransomware/Win32.Ransomware.Henry.yara" +include "./ransomware/Win32.Ransomware.Cuba.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara" +include "./ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara" +include "./ransomware/Win32.Ransomware.Ladon.yara" +include "./ransomware/Win64.Ransomware.Pandora.yara" +include "./ransomware/Win32.Ransomware.Sarbloh.yara" +include "./ransomware/Win32.Ransomware.Crysis.yara" +include "./ransomware/Win32.Ransomware.Termite.yara" +include "./ransomware/Win32.Ransomware.Koxic.yara" +include "./ransomware/Win32.Ransomware.Sifreli.yara" +include "./ransomware/Win32.Ransomware.Bam2021.yara" +include "./ransomware/Win32.Ransomware.Armage.yara" +include "./ransomware/Win32.Ransomware.Kraken.yara" +include "./ransomware/Win32.Ransomware.Encoded01.yara" +include "./ransomware/Win32.Ransomware.Alcatraz.yara" +include "./ransomware/Win32.Ransomware.Conti.yara" +include "./ransomware/Linux.Ransomware.RedAlert.yara" +include "./ransomware/Win32.Ransomware.Zhen.yara" 
+include "./ransomware/Win32.Ransomware.TeleCrypt.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara" +include "./ransomware/Win32.Ransomware.Saturn.yara" +include "./ransomware/Win32.Ransomware.Maktub.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara" +include "./ransomware/Linux.Ransomware.KillDisk.yara" +include "./ransomware/Win32.Ransomware.Zeppelin.yara" +include "./ransomware/Win32.Ransomware.RegretLocker.yara" +include "./ransomware/Win32.Ransomware.Spora.yara" +include "./ransomware/Win32.Ransomware.Motocos.yara" +include "./ransomware/Win32.Ransomware.RetMyData.yara" +include "./ransomware/Win32.Ransomware.CryptoBit.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.WildFire.yara" +include "./ransomware/Win32.Ransomware.Redeemer.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara" +include "./ransomware/Win64.Ransomware.Seth.yara" +include "./ransomware/Win32.Ransomware.ChiChi.yara" +include "./ransomware/Win64.Ransomware.AntiWar.yara" +include "./ransomware/Win32.Ransomware.Ouroboros.yara" +include "./ransomware/Win32.Ransomware.Satana.yara" +include "./ransomware/Win64.Ransomware.WhiteBlackCrypt.yara" +include "./ransomware/Win32.Ransomware.VHDLocker.yara" +include "./ransomware/Win32.Ransomware.Meow.yara" +include "./ransomware/Win32.Ransomware.DesuCrypt.yara" +include "./ransomware/Win32.Ransomware.Ragnarok.yara" +include "./ransomware/Win32.Ransomware.MedusaLocker.yara" +include "./ransomware/Win32.Ransomware.NanoLocker.yara" +include "./ransomware/Win32.Ransomware.Mafia.yara" +include "./ransomware/Win32.Ransomware.Xorist.yara" +include "./ransomware/Win64.Ransomware.AwesomeScott.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Invert.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Moisha.yara" +include "./ransomware/Win32.Ransomware.WsIR.yara" +include "./ransomware/Win32.Ransomware.DenizKizi.yara" +include "./ransomware/Win32.Ransomware.Montserrat.yara" +include 
"./ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara" +include "./ransomware/Win32.Ransomware.PrincessLocker.yara" +include "./ransomware/Win32.Ransomware.Revil.yara" +include "./ransomware/Win32.Ransomware.MarsJoke.yara" +include "./ransomware/Win32.Ransomware.BrainCrypt.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Retis.yara" +include "./ransomware/Win32.Ransomware.Petya.yara" +include "./ransomware/Win32.Ransomware.MZP.yara" +include "./ransomware/Win32.Ransomware.Ako.yara" +include "./ransomware/Win32.Ransomware.Clop.yara" +include "./ransomware/Win32.Ransomware.BananaCrypt.yara" +include "./ransomware/Win32.Ransomware.Oni.yara" +include "./ransomware/Win64.Ransomware.Solaso.yara" +include "./ransomware/Win32.Ransomware.Jamper.yara" +include "./ransomware/Win32.Ransomware.GusCrypter.yara" +include "./ransomware/Win32.Ransomware.Wastedlocker.yara" +include "./ransomware/Win32.Ransomware.Teslacrypt.yara" +include "./ransomware/Win32.Ransomware.Networm.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara" +include "./ransomware/Win32.Ransomware.BadBlock.yara" +include "./ransomware/Linux.Ransomware.GwisinLocker.yara" +include "./ransomware/Win32.Ransomware.ShadowCryptor.yara" +include "./ransomware/Win32.Ransomware.Serpent.yara" +include "./ransomware/Win32.Ransomware.Thanatos.yara" +include "./ransomware/Win32.Ransomware.Avaddon.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara" +include "./ransomware/Win32.Ransomware.Magniber.yara" +include "./ransomware/Win32.Ransomware.ASN1Encoder.yara" +include "./ransomware/Win32.Ransomware.Balaclava.yara" +include "./ransomware/Win32.Ransomware.MountLocker.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara" +include "./ransomware/Win32.Ransomware.NotPetya.yara" +include "./ransomware/Win32.Ransomware.BlackBasta.yara" +include "./ransomware/Win64.Ransomware.Curator.yara" +include "./ransomware/Win32.Ransomware.Kangaroo.yara" +include 
"./ransomware/Win64.Ransomware.Nokoyawa.yara" +include "./ransomware/Win32.Ransomware.Sigrun.yara" +include "./ransomware/Win32.Ransomware.Lorenz.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Thanos.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Eternity.yara" +include "./ransomware/Win32.Ransomware.Badbeeteam.yara" +include "./ransomware/Win32.Ransomware.FuxSocy.yara" +include "./ransomware/Win32.Ransomware.Buran.yara" +include "./ransomware/Win32.Ransomware.DMR.yara" +include "./ransomware/Win32.Ransomware.Horsedeal.yara" +include "./ransomware/Win64.Ransomware.Vovalex.yara" +include "./ransomware/Win32.Ransomware.BlueLocker.yara" +include "./ransomware/Win32.Ransomware.InfoDot.yara" +include "./ransomware/Win32.Ransomware.WannaCry.yara" +include "./ransomware/Win32.Ransomware.Satan.yara" +include "./ransomware/Win32.Ransomware.DogeCrypt.yara" +include "./ransomware/Win32.Ransomware.FarAttack.yara" +include "./ransomware/Win32.Ransomware.Cryakl.yara" +include "./ransomware/Win32.Ransomware.Plague17.yara" +include "./ransomware/Win32.Ransomware.Major.yara" +include "./ransomware/Win32.Ransomware.Gomer.yara" +include "./ransomware/Win32.Ransomware.BandarChor.yara" +include "./ransomware/Win32.Ransomware.JSWorm.yara" +include "./ransomware/Win32.Ransomware.Dharma.yara" +include "./ransomware/Win32.Ransomware.Sepsis.yara" +include "./ransomware/Win64.Ransomware.HermeticRansom.yara" +include "./ransomware/Win32.Ransomware.KawaiiLocker.yara" +include "./ransomware/Win32.Ransomware.Afrodita.yara" +include "./ransomware/Win32.Ransomware.Outsider.yara" +include "./ransomware/Win32.Ransomware.Archiveus.yara" +include "./ransomware/Win32.Ransomware.Acepy.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara" +include "./ransomware/Win32.Ransomware.LockBit.yara" +include "./ransomware/Win32.Ransomware.SevenSevenSeven.yara" +include "./ransomware/ByteCode.MSIL.Ransomware.Oct.yara" 
+include "./ransomware/Win32.Ransomware.VegaLocker.yara" +include "./ransomware/Win32.Ransomware.Ryuk.yara" +include "./ransomware/Win64.Ransomware.Rook.yara" +include "./ransomware/Win32.Ransomware.Paradise.yara" +include "./ransomware/Win32.Ransomware.Crypmic.yara" +include "./ransomware/Win32.Ransomware.Sage.yara" +include "./ransomware/Win32.Ransomware.Ransoc.yara" +include "./downloader/Win32.Downloader.dlMarlboro.yara" +include "./certificate/blocklist.yara" +include "./pua/Win32.PUA.Domaiq.yara"
diff --git a/yara/update_index.sh b/yara/update_index.sh
new file mode 100755
index 0000000..1327f9b
--- /dev/null
+++ b/yara/update_index.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+find . -name "*.yara" -not -name "index.yara" | sed -e 's/^/include "/g' | sed -e 's/$/"/g' >index.yara
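Review bot: The pipeline in update_index.sh resolves both `find .` and `>index.yara` against the caller's working directory, and the redirection truncates the index before `find` has produced any output. A run from the wrong directory or a failed pipeline therefore leaves a short or empty index.yara, which a scanner can load without any error while matching far fewer rules. The output also follows directory order, so the committed index reorders between runs and an added or dropped rule file is hard to spot in review; because every `*.yara` file under the tree becomes an active include, that diff is worth keeping stable. The version below changes to the script's own directory, stops on errors, sorts the list, and replaces the index only once the new one is fully written.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Resolve paths from the script's own directory, not the caller's cwd.
cd "$(dirname "${BASH_SOURCE[0]}")"

# Build the new index beside the old one; the suffix keeps it out of the *.yara match.
tmp="index.yara.tmp.$$"
trap 'rm -f "$tmp"' EXIT

# Sorted output keeps the generated index stable between runs.
find . -name "*.yara" -not -name "index.yara" \
  | LC_ALL=C sort \
  | sed -e 's/^/include "/' -e 's/$/"/' >"$tmp"

# Swap in the new index only after the pipeline succeeded.
mv "$tmp" index.yara
```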