This repository contains a curated collection of YARA rules designed to detect a wide range of malware families, phishing campaigns, and other malicious artifacts.
The rules are regularly updated to reflect the latest malware trends observed in the wild, with a focus on accuracy and reducing false positives.
This project is intended for:
- Malware researchers — to speed up classification and detection of samples.
- Threat hunters and SOC analysts — to enrich detection capabilities and incident response.
- Security engineers — to integrate YARA detection logic into larger defense systems.
This project and everyone participating in it is governed by our Code of Conduct. By participating, you are expected to uphold this code.
We welcome contributions! Your input helps us keep the rule set accurate and up to date. If you'd like to contribute, here’s how you can get involved:
- Open an issue to discuss a rule idea or improvement.
- Submit a PR with:
  - The rule file (use clear naming and include meta fields such as `description`, `author`, `date`, `reference`).
  - A brief rationale and, if possible, example detections/benign checks to minimize FPs.
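
A pre-submission check for the meta fields named above, as an added example that is not part of this repository. It assumes the four listed fields are required (the README only says "such as") and uses a line-oriented parse rather than the YARA compiler; `missing_meta`, `REQUIRED_META` and the sample rules are constructed for illustration.

```python
import re
# Assumption: the four meta fields the README names are treated as required.
REQUIRED_META = ("description", "author", "date", "reference")
RULE_RE = re.compile(r"^\s*(?:(?:private|global)\s+)*rule\s+(\w+)[^{]*\{", re.M)
SECTION_RE = re.compile(r"^\s*(meta|strings|condition)\s*:\s*$")
META_KEY_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")

def missing_meta(source):
    """Return {rule: [missing or empty fields]}; expects section keywords on their own line."""
    report = {}
    rules = [(m.start(), m.end(), m.group(1)) for m in RULE_RE.finditer(source)]
    for i, (_, body_start, name) in enumerate(rules):
        body_end = rules[i + 1][0] if i + 1 < len(rules) else len(source)
        found, in_meta = set(), False
        for line in source[body_start:body_end].splitlines():
            section = SECTION_RE.match(line)
            if section:
                in_meta = section.group(1) == "meta"
                continue
            kv = META_KEY_RE.match(line) if in_meta else None
            if kv and kv.group(2) != '""':  # an empty string does not count
                found.add(kv.group(1))
        missing = [f for f in REQUIRED_META if f not in found]
        if missing:
            report[name] = missing
    return report

# Constructed sample rules, not taken from the repository.
SAMPLE = '''
rule Example_Complete : constructed {
    meta:
        description = "Constructed sample rule"
        author = "example"
        date = "2024-01-01"
        reference = "https://example.com/report"
    strings:
        $a = "author = none"
    condition:
        $a
}
rule Example_Incomplete {
    meta:
        description = "Missing fields"
        author = ""
    condition:
        true
}
'''
print(missing_meta(SAMPLE))
```

Assignments outside the `meta:` section, such as the string in the first sample rule, are not counted as meta fields.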
YARA Rules: Cyber Threat Detection Tool for Modern Cybersecurity
Malware Analysis in ANY.RUN: The Ultimate Guide
Malware Analysis articles (case studies, walkthroughs)
If you'd like to try out ANY.RUN, you can request a trial here.
Support inquiries – [email protected]
Public relations and partnerships – [email protected]