Blacklisted bunch of YARA rules

Starting to think whether efb8d9c was a good idea or not. These rules have been tested to trigger against the benignware dataset of chapter 8 of the Malware Data Science book[1]. [1] https://www.malwaredatascience.com/code-and-data
pyllyukko · Nov 30, 2023 · 6883a58 · 6883a58 · pyllyukko · Jan 11, 2024
1 parent 09e1c1f
commit 6883a58
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/tasks/clamav.yml b/tasks/clamav.yml
@@ -220,7 +220,6 @@
           mimikatz
           ft_elf
           ft_exe
-          DebuggerPattern__RDTSC
           maldoc_suspicious_strings
           maldoc_structured_exception_handling
           maldoc_function_prolog_signature
@@ -239,6 +238,30 @@
           Ramnit
           FE_APT_Backdoor_Linux32_SLOWPULSE_2
           trickbot_maldoc_embedded_dll_september_2020
+          reads_clipboard
+          cve_2014_6352
+          upx
+          embedded_macho
+          maldoc_find_kernel32_base_method_1
+          browser_pass
+          shylock
+          XYPayload
+          sysocmgr
+          maldoc_getEIP_method_1
+          cmd_shell
+          obfuscation_singlebyte_mov
+          vmdetect
+          Embedded_PE
+          dotnet_libraries
+          TrojanWin32CitadelSampleA
+          executable_au3
+          dbgdetect_funcs
+          MD5_Constants
+          RIPEMD160_Constants
+          _UPX_V200V290
+          RogueFakePAVSample
+          SHA1_Constants
+          Check_VBox_Guest_Additions
       tags:
         - configuration
         - yara