YARA Rules - Detection Rules

About These Rules

This collection contains YARA rules developed for detecting various malware families, attack techniques, and suspicious behaviors. Each rule is designed to be precise and minimize false positives while maximizing detection coverage.

Malware Families

Rules targeting specific malware families and variants

Attack Techniques

Detection rules for common attack patterns and TTPs

Packer Detection

Signatures for identifying packed and obfuscated malware

Custom Threats

Specialized rules for specific threat campaigns

Rule Collection

EDR-Freeze Detection

YARA rule for detecting EDR-Freeze tool artifacts and behavior

Coming Soon

Usage Guidelines

When using these YARA rules:

Test thoroughly: Always validate rules in a safe environment before production use
Monitor performance: Some rules may impact scanning performance on large datasets
Update regularly: Malware evolves, so rules should be updated accordingly
Report issues: False positives and false negatives should be reported for rule improvement

Contributing

These rules are developed based on real-world analysis and threat intelligence. If you have suggestions for improvements or new rules, feel free to reach out through the contact page.