I have a concept based on a theory... dragnet and aggregate YARA rules to encompass a baseline set of patterns that can then be automated for an initial CI/CD job that checks a likelihood of a binary to contain malware and reference the possible pattern matches to enable pre-deployment verification of a binary... I have nothing, other than a need to get VirusTotal Enterprise for research - which isn't as easy as I imagined.

https://arxiv.org/abs/2009.03779
https://support.virustotal.com/hc/en-us/articles/360010904818-VTDIFF-Automatic-YARA-rules

The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.

On Sun, Nov 27, 2022 at 11:16 PM Patrik Nygren <[email protected]> wrote:

> Interested, what have you got?
>
> I've got nothing, except that there are rules here and there on the Internet, released by known and unknown companies/organizations, but I haven't been able to find a one-stop-shop, much less a credible one.
>
> /P
>
> On Monday, 28 November 2022 at 02:19:40 UTC+1, [email protected] wrote:
>
>> I am actively pursuing research around this thinking .... if you're interested
>>
>> On Sun, Nov 27, 2022 at 6:01 AM Patrik Nygren <[email protected]> wrote:
>>
>>> Is it possible for Yara to act as a complete antimalware solution? With this I mean that the rules should be regularly updated and from a trusted source (NIST, CIS etc).
>>> It will be used in a system where there no longer are any commercially available antimalware solutions.
>>>
>>> Oh, and if the rules can be found in a downloadable package it would be a bonus since the system in question does not have Internet access.

--
You received this message because you are subscribed to the Google Groups "YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/yara-project/CAPB8yMQNQObdbeuWhO7_xMDAye1V%3DOLXnu3G0PwzSBnGkg9B1A%40mail.gmail.com.
