Austin Byers

11 comments of Austin Byers

Good question @toringe , no specific reason that I can recall. I may have copied that regex from somewhere or just made it up. If you find a shorter prefix...

This would be similar to the already existing `live_test` functionality, just for arbitrary files

Unfortunately, this is going to be a bit tricky, as neither YARA nor yara-python provides access to internal rule logic, so it's currently not possible to compute a hash of...

Another caveat: just because a rule was slightly modified does not necessarily mean we would want to re-alert on all previous matches. This requires some more consideration.

Another potential source: https://github.com/eset/malware-ioc

Another great list: https://github.com/intezer/GithubDownloader/blob/master/repos.txt

This is kind of an ongoing task, but I'm going to leave it open until we can test and add at least a few more repos.

Another source (converting Clamav definitions to YARA): https://github.com/sec51/clamav-yara

See also the Awesome YARA project: https://github.com/InQuest/awesome-yara

Great idea! For at least the next quarter or two, we will be focusing on getting the most value out of the YARA analysis. Supporting a wide variety of other...

I also wrote this for my master's thesis! :) https://drive.google.com/file/d/0B98ag6-EDHwSZzVlN2YxaWtRQkE/view?usp=sharing