mandiant / capa-rulesLinks
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
☆638Updated this week
Alternatives and similar repositories for capa-rules
Users that are interested in capa-rules are comparing it to the libraries listed below
Sorting:
- Distributed malware processing framework based on Python, Redis and S3.☆443Updated 2 weeks ago
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system☆1,215Updated this week
- MBC content in markdown☆485Updated 4 months ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆584Updated last year
- ReversingLabs YARA Rules☆865Updated last week
- Repository of YARA rules made by Trellix ATR Team☆613Updated 7 months ago
- Malware repository component for samples & static configuration with REST API interface.☆367Updated this week
- Malduck is your ducky companion in malware analysis journeys☆346Updated 4 months ago
- Cuckoo3 is a Python 3 open source automated malware analysis system.☆772Updated 4 months ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups☆717Updated 2 years ago
- YARA malware query accelerator (web frontend)☆434Updated last month
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆385Updated 3 years ago
- YARA Rules I come across on the internet☆352Updated last year
- Dynamic unpacker based on PE-sieve☆774Updated last month
- A Binary Genetic Traits Lexer Framework☆515Updated 2 months ago
- High Octane Triage Analysis☆776Updated this week
- Threat Intel IoCs + bits and pieces of dark matter☆418Updated 4 months ago
- Collaborative Malware Analysis Platform at Scale☆761Updated this week
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆259Updated 2 years ago
- Volatility plugin for extracts configuration data of known malware☆490Updated last year
- The multi-platform memory acquisition tool.☆860Updated last week
- Sandbox for automated Linux malware analysis.☆485Updated 2 years ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆236Updated 11 months ago
- Windows kernel and user mode emulation.☆1,770Updated 6 months ago
- IOC from articles, tweets for archives☆319Updated last year
- Security ML models encoded as Yara rules☆213Updated 2 years ago
- Sophos-originated indicators-of-compromise from published reports☆632Updated 2 months ago
- Malware Configuration And Payload Extraction☆759Updated 11 months ago
- ☆513Updated last year
- ☆158Updated 2 years ago