performing-malware-triage-with-yara

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.

Category: AI & Automation | 13,115 stars | 1533 forks | Updated today | Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing Malware Triage with YARA

## When to Use

- Rapidly classifying a large batch of malware samples against known family signatures
- Writing detection rules for a newly analyzed malware family based on unique byte patterns
- Scanning file shares, endpoints, or memory dumps for indicators of a specific threat
- Building automated triage pipelines that classify samples before manual analysis
- Hunting for variants of a known threat across an enterprise using YARA scans

**Do not use** as the sole analysis method; YARA triage identifies known patterns but does not reveal new or unknown malware behaviors.

## Prerequisites

- YARA 4.x installed (`apt install yara` or `pip install yara-python`)
- YARA rule repositories (YARA-Rules, awesome-yara, Malpedia rules, Florian Roth's signature-base)
- Python 3.8+ with `yara-python` for scripted scanning
- Sample collection organized in a directory structure for batch scanning
- Understanding of PE file format, hex patterns, and regular expressions for rule writing

## Workflow

### Step 1: Scan Samples with Existing Rule Sets

Apply community and commercial YARA rules to classify samples:

```bash
# Scan a single file
yara -s malware_rules.yar suspect.exe

# Scan a directory of samples
yara -r malware_rules.yar /path/to/samples/

# Scan with multiple rule files
yara -r rules/apt_rules.yar rules/ransomware_rules.yar rules/trojan_rules.yar suspect.exe

# Scan with timeout (prevent hanging on large files)
yara -t 30 malware_rules....
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
