rules

rules copied to clipboard

more secure

Pierre-Gronau-ndaal

Add rules of weak passwords and default credentials hashes

2

Add rules of hashes of top 200 most used passwords in 2020 as well as rules of hashes of default credentials of various organisations.

ajubakhanji

This is PR as requested in https://github.com/Yara-Rules/rules/issues/412 (Original authors mentioned, I'm just doing the PR so I can't vouch which variant is better)

mnalis

Go language PE and ELF detections

1

PE and ELF Golang detection

RandomRhythm

SM4 constants according to https://datatracker.ietf.org/doc/html/draft-ribose-cfrg-sm4-10.

sylvainpelissier

Create CVE-2022-0847.yar

2

# CVE-2022-0847 PoC Rule Date: 2022-03-09 Exploit name: CVE_2022_0847 (a/k/a Dirty Cow 2.0) Reference: [https://haxx.in/files/dirtypipez.c](https://haxx.in/files/dirtypipez.c) Description: Detect local privilege escalation vulnerability Dirty Pipe[z]

vittring

Add Ryuk ransomware detection & Update index

1

Add Ryuk ransomware detection & Update index malware_index.yar

sidahmed-malaoui

Disable PEiD Armadillo packer false positive

2

"Armadillo v1.xx - v2.xx" is a false positive https://www.zscaler.com/blogs/research/your-windows-8-packed followup #337, #39

wesinator

Review and add: https://github.com/Hestat/lw-yara

jholgui

[PyInstaller](https://github.com/pyinstaller/pyinstaller) is used to freeze and package Python projects, and it is used by thousands of open source projects. Removing the rule helps reduce false positives.

danyeaw