Used by two of XProtect’s malware detection features, Yara rules are a valuable way to check whether files satisfy a logical condition, and more.| The Eclectic Light Company
For some time, I have been using a YARA rule for Gootloader zips, to hunt for additional samples on VirusTotal. But I have never seen one for the .JS file inside of the .zip. I have never created a YARA rule before, and set out to figure it out. Perfect timing as a new video […]| ⌛☃❀✵Gootloader Details ✵❀☃⌛
We are pleased to announce a significant enhancement for users of THOR Cloud and THOR Cloud Lite:| Nextron Systems
Understanding how to detect obfuscated threats is key to defending against stealthy cyber attacks. Learn how THOR uncovers hidden threats.| www.nextron-systems.com
Discover daily YARA usage at Sekoia.io TDR. Learn how YARA rules identify threats and aid in investigations and DFIR engagements.| Sekoia.io Blog
Tracking the many iterations of this stealer| OALABS Research
aray is a Yara reversing challenge. The Yara language is used to classify and identify malware (and other binary) files. In aray, I’m given a complex rule with hundreds of conditions that define an 85-byte file. I’ll find the 38 conditions that actually define the 85 bytes, and write a Python script to parse the rule and return the file contents.| 0xdf hacks stuff
During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalati…| WPScan
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...| blog.virustotal.com
We’re excited to announce a significant update to THOR, our comprehensive digital forensic scanner, which now extends multi-threading capabilities to both the standard version and THOR Lite. Previously exclusive to our forensic lab license holders, this enhancement allows users across all versions to leverage multiple CPU cores to expedite their scans.| Nextron Systems
Breakdown of a recent Gozi trojan Italian targeted campaign| Toxin Labs