
ReversingLabs YARA Rules
Welcome to the Official ReversingLabs YARA Rules Repository
Welcome to the official ReversingLabs YARA rules repository! This repository will be updated regularly as we create rules for new threats. Each rule will be thoroughly tested in our cloud and other environments to ensure its quality before it is added.
Guidelines for Effective Threat Detection with YARA Rules
These guidelines have been crafted by our threat analysts specifically for threat hunters, incident responders, security analysts, and other defenders who can benefit from implementing high-quality threat detection YARA rules in their environments.
Our detection rules, unlike hunting rules, must meet specific criteria to qualify for deployment. These criteria include:
* being as precise as possible while maintaining detection quality
* aiming to achieve zero false-positive detections
To make the rules easy to understand and maintain, we have established the following goals:
* using clearly named byte patterns
* ensuring conditions are readable and transparent
* targeting unique malware functionalities
* prioritizing code byte patterns over strings, since strings are trivially changed between builds while the code that implements a capability is far more stable
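The criteria and goals above can be turned into mechanical checks. The following is an added example, not code from the ReversingLabs repository: a small linter that parses a rule's meta, strings and condition sections and flags the things these guidelines warn against (anonymous identifiers such as `$a`, plain text strings where a code byte pattern would be more durable, a condition that fires on a single pattern, and no file-type gate). The two rules embedded in it are constructed for illustration; the hex patterns are made-up bytes, not signatures of any real malware family, and the heuristics are my own operationalization of the guidelines rather than the project's tooling.

```python
import re
from typing import Dict, List

# Constructed sample rules (not from the ReversingLabs repository).
# GOOD_RULE follows the guidelines; BAD_RULE breaks most of them.
GOOD_RULE = r'''
rule Win32_Hypothetical_Loader
{
    meta:
        author = "example"
        description = "Hypothetical loader: resolves imports by hash, decrypts payload with a rolling XOR"
    strings:
        // hypothetical opcode sequences, chosen for illustration only
        $resolve_imports_by_hash = { 8B 45 ?? 33 C9 8A 08 C1 C1 0D 03 C8 40 }
        $xor_decrypt_loop        = { 8A 04 0E 32 C2 88 04 0E 46 3B F7 72 F4 }
    condition:
        uint16(0) == 0x5A4D and
        all of them
}
'''

BAD_RULE = r'''
rule bad
{
    strings:
        $a = "cmd.exe"
        $b = "http://"
    condition:
        any of them
}
'''

RULE_RE = re.compile(r'rule\s+(?P<name>\w+)\s*(?::[^{]*)?\{(?P<body>.*)\}\s*$', re.DOTALL)
STRING_RE = re.compile(r'^\s*\$(\w+)\s*=\s*(.+?)\s*$', re.MULTILINE)
# identifiers that say nothing about what the bytes do: $a, $s1, $str2, $1
ANONYMOUS_IDENT = re.compile(r'^(?:[a-z]|s|str)?\d*$')
FILE_TYPE_GATE = re.compile(r'uint16\(0\)|uint32\(0\)|\bpe\.|\bfilesize\b')


def parse_rule(src: str) -> Dict:
    """Split a single YARA rule into name, meta text, strings and a flattened condition."""
    m = RULE_RE.search(src.strip())
    if not m:
        raise ValueError("not a YARA rule")
    body = m.group("body")

    def section(tag: str) -> str:
        # text between "tag:" and the next section keyword (or end of body)
        s = re.search(tag + r':\s*(.*?)(?=\n\s*(?:meta|strings|condition):|\Z)', body, re.DOTALL)
        return s.group(1) if s else ""

    strings = []
    for sm in STRING_RE.finditer(section("strings")):
        ident, value = sm.group(1), sm.group(2)
        kind = "hex" if value.startswith("{") else "regex" if value.startswith("/") else "text"
        strings.append((ident, kind, value))
    return {
        "name": m.group("name"),
        "meta": section("meta"),
        "strings": strings,
        "condition": " ".join(section("condition").split()),
    }


def lint_rule(src: str) -> List[str]:
    """Return a list of guideline violations; an empty list means the rule passes."""
    rule = parse_rule(src)
    findings: List[str] = []
    if "description" not in rule["meta"]:
        findings.append("meta: add a description of the malware functionality the rule targets")
    for ident, kind, value in rule["strings"]:
        if ANONYMOUS_IDENT.match(ident):
            findings.append(f"${ident}: name the pattern after the functionality it matches (e.g. $xor_decrypt_loop)")
        if kind == "text":
            findings.append(f"${ident}: text string {value}; prefer a code byte pattern, strings are trivially changed")
    cond = rule["condition"]
    if not FILE_TYPE_GATE.search(cond):
        findings.append("condition: gate on file type (e.g. uint16(0) == 0x5A4D) so the rule is not evaluated on unrelated objects")
    if re.search(r'\bany of them\b', cond) and len(rule["strings"]) > 1:
        findings.append("condition: 'any of them' fires on one pattern; require several (all of them / N of them) to keep false positives near zero")
    return findings


if __name__ == "__main__":
    for src in (GOOD_RULE, BAD_RULE):
        rule = parse_rule(src)
        print(f"{rule['name']}: {len(lint_rule(src))} finding(s)")
        for f in lint_rule(src):
            print("  -", f)
```

Run it and the first rule reports no findings while `bad` reports seven. The checks are deliberately conservative heuristics: a file-type gate and a multi-pattern condition do not guarantee zero false positives, which is why the guidelines still require testing against a large corpus before a rule is deployed.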
To guarantee the quality of our rules, we conduct continuous and extensive testing in our cloud environment against a corpus of more than 10 billion unique binaries, and that corpus keeps growing.
Rules are evaluated at every extraction layer, so a threat inside a layered object (the unpacked content of a packed PE file, an object embedded in a document, and other container formats) is detected on the extracted content rather than only on the outer file.