yara
The pattern matching Swiss knife for malware researchers.
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.
Repository of Yara rules dedicated to Phishing Kits Zip files.
This repository, dedicated to YARA rules for phishing kit zip files, is based on analysis of the raw zip format to find directory and file names; you don't need yara-extend for it.
Related contents:
Threat-hunting tool for Linux. Bring your Linux threat-hunting capabilities to the next level.
Kunai is a powerful tool designed to bring actionable insights for tasks such as security monitoring and threat hunting on Linux systems. Think of it as the Linux counterpart to Sysmon on Windows, tailored for comprehensive and precise event monitoring.
Related contents:
Extract and aggregate threat intelligence. An extendable tool to extract and aggregate IOCs from threat feeds.
ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.