Yara Search

Search engine for Yara Rules

Wshell Fire2013

Catches a webshell

imported yara
Author: Vlad https://github.com/vlad-s
Released: August 3, 2025

Wshell ChineseSpam

Catches Chinese PHP spam files (autospreaders)

imported yara
Author: Vlad https://github.com/vlad-s
Released: August 3, 2025

WShell THOR Webshells

Weevely Webshell - Generic Rule - heavily scrambled tiny web shell

imported yara
Author: Florian Roth
Released: August 3, 2025

WShell PHP In Images

Finds image files w/ PHP code in images

imported yara
Author: Vlad https://github.com/vlad-s
Released: August 3, 2025

WShell PHP Anuna

Catches a PHP Trojan

imported yara
Author: Vlad https://github.com/vlad-s
Released: August 3, 2025

WShell Drupalgeddon2 Icos

.ico PHP webshell - file <eight-num-letter-chars>.ico

imported yara
Author: Luis Fueris
Released: August 3, 2025

WShell ChinaChopper

Detect China Chopper ASPX webshell

imported yara
Author: Ryan Boyle randomrhythm@rhythmengineering.com
Released: August 3, 2025

WShell ASPXSpy

Detect ASPXSpy

imported yara
Author: xylitol@temari.fr
Released: August 3, 2025

WShell APT Laudanum

Laudanum Injector Tools - file file.asp

imported yara
Author: Florian Roth
Released: August 3, 2025

Virustotal

catch files

imported yara
Author: @abhinavbom
Released: August 3, 2025

Url
imported yara
Author: Antonio S. <asanchez@plutec.net>
Released: August 3, 2025

Suspicious Strings

Contains references to system / monitoring tools

imported yara
Author: Ivan Kwiatkowski (@JusticeRage)
Released: August 3, 2025

Magic
imported yara
Author: Didier Stevens (https://DidierStevens.com)
Released: August 3, 2025

Ip
imported yara
Author: Antonio S. <asanchez@plutec.net>
Released: August 3, 2025

Domain
imported yara
Author: Antonio S. <asanchez@plutec.net>
Released: August 3, 2025

Base64

This rule finds base64 strings

imported yara
Author: Jaume Martin
Released: August 3, 2025

Tweetable-Polyglot-Png

tweetable-polyglot-png: https://github.com/DavidBuchanan314/tweetable-polyg....

imported yara
Author: Manfred Kaiser
Released: August 3, 2025

Peid

Microsoft Visual C++ 5.0

imported yara
Author: PEiD
Released: August 3, 2025

Packer Compiler Signatures

Entropy Check

imported yara
Author: _pusher_
Released: August 3, 2025

Packer

recent Emotet packer pdb string

imported yara
Author: Marc Salinas (@Bondey_m)
Released: August 3, 2025

Javascript Exploit And Obfuscation

JavaScript Obfuscation Detection

imported yara
Author: Josh Berry
Released: August 3, 2025

JJencode

jjencode detection

imported yara
Author: adnan.shukor@gmail.com
Released: August 3, 2025

Mobile Malware Index
imported yara
Author: YARA GitHub Importer
Released: August 3, 2025

TOOLKIT Exe2hex Payload

Detects payload generated by exe2hex

imported yara
Author: Florian Roth
Released: August 3, 2025

TOOLKIT Wineggdrop

Rules for TCP Portscanner VX.X by WinEggDrop

imported yara
Author: Christian Rebischke (@sh1bumi)
Released: August 3, 2025

TOOLKIT THOR HackTools

Windows Credential Editor

imported yara
Author: Marc Stroebel
Released: August 3, 2025

TOOLKIT Solarwinds Credential Stealer

Detects solarwinds credential stealers like e.g. solarflare via the touched....

imported yara
Author: Arnim Rupp
Released: August 3, 2025

TOOLKIT Redteam Tools By Name

Detects .NET red/black-team tools via name

imported yara
Author: Arnim Rupp
Released: August 3, 2025

TOOLKIT Redteam Tools By GUID

Detects C# red/black-team tools via typelibguid

imported yara
Author: Arnim Rupp
Released: August 3, 2025

TOOLKIT Pwdump

Detects all QuarksPWDump versions

imported yara
Author: Florian Roth
Released: August 3, 2025