blueteamsec

627 readers

40 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

digicat

100 Days of YARA 2026: Various rules from days 8, 9 and 10 (self.blueteamsec)

submitted 1 month ago by digicat to c/blueteamsec

0 comments fedilink hide all child comments

Detects Industroyer malware based on the count of specific PE Rich header Prod IDs https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules/Day8.yara

Detects Paper Werewolf (GOFFEE) EchoGather backdoor https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_8.yara

Detects Blue noroff MACOS initial access script https://github.com/Squiblydoo/100DaysofYARA/blob/main/Squiblydoo/Day9.yara

Detects NukeSped used by various DPRK APTs based on PE Rich header properties https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules/Day9.yara

Detects PE+ZIP polyglot files (T1036.008) https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_9.yara

Detects Watch Wolf (Hive0117) DarkWatchman JS loader https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_10.yara

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here