Icewater: 16,432 Free Yara rules
Icewater Yara rules
This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat; this is my attempt to publish signatures as numbers. Since I find the naming of threats confusing and misleading, I am attempting to locate threats in a phase space so that their relationships can be measured, visualized and scientifically described.
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.
Each Yara signature in this archive is organized by a prefix and a 64-bit integer. The prefix is an index into file size and file type, while the suffix is a 64-bit coordinate in a multidimensional hyperspace. Within a prefix, edit distance may be used to understand how two clusters relate to each other.
Goals
My goal for this project is to place such a large quantity of Yara rules into the network security community that it measurably affects global cybersecurity. Please let me know when you think I'm getting close to my goal.
How these rules get written
Icewater clusters malicious objects on the internet, and when it has enough information about these objects it publishes a Yara rule that can be used to detect the threat. Since I am generally annoyed with the state of internet security, I am publishing many of the rules Icewater writes.
Each rule leverages YARA's hash module: I provide an offset into the file, the amount of data that you should hash, and the hash algorithm. I chose MD5 because it is fast; most folks dislike it because of the possibility of collisions. If you think I should choose a different hashing algorithm, please explain over beers.
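An added example (not part of the Icewater archive or its tooling) of the offset/size/MD5 style of rule described above: it computes the digest of a region of a constructed sample, emits a YARA rule in that style, and evaluates the same condition in Python so a rule can be checked against a file offline. The rule name, the `filesize` bound and the sample bytes are all assumptions for the demo, not Icewater's actual naming scheme or layout.

```python
import hashlib

# Constructed sample file content for the demo (not a real malware sample).
SAMPLE = b"MZ" + bytes(range(256)) * 4


def region_md5(data: bytes, offset: int, size: int):
    """MD5 hex digest of data[offset:offset + size].

    Returns None when the region is not fully inside the file. This mirrors
    YARA, where hash.md5(offset, size) is undefined for an out-of-range
    region, so a rule conditioned on it simply does not match.
    """
    if offset < 0 or size <= 0 or offset + size > len(data):
        return None
    return hashlib.md5(data[offset:offset + size]).hexdigest()


def make_rule(name: str, offset: int, size: int, digest: str, max_size: int) -> str:
    """Emit a YARA rule keyed on the MD5 of one file region.

    The rule name and the filesize bound are hypothetical; they are not the
    naming or layout used by the real Icewater rules.
    """
    return (
        'import "hash"\n'
        f"rule {name}\n"
        "{\n"
        "    condition:\n"
        f"        filesize <= {max_size} and\n"
        f'        hash.md5({offset}, {size}) == "{digest}"\n'
        "}\n"
    )


def rule_matches(data: bytes, offset: int, size: int, digest: str, max_size: int) -> bool:
    """Evaluate the same condition in Python to check a rule against a file offline."""
    return len(data) <= max_size and region_md5(data, offset, size) == digest


if __name__ == "__main__":
    digest = region_md5(SAMPLE, 2, 256)
    print(make_rule("example_region_hash", 2, 256, digest, 4096))
    print("matches:", rule_matches(SAMPLE, 2, 256, digest, 4096))
```

Because only the hashed region is compared, bytes outside it (such as trailing padding) do not affect the match, while a single changed byte inside the region defeats it.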
Download
Copyright (c) 202?, SupportIntelligence
All rights reserved.