More Than One Thousand Researchers and Threat Hunters First to Preview Newly Published YARA Rules for Detecting Top Windows and Linux Malware Families
CAMBRIDGE, Mass. - June 30, 2020 – ReversingLabs, the leading provider of explainable threat intelligence solutions, made a sizable contribution to the open source community today, publishing 128 of its rigorously tested YARA rules to GitHub for the first time. Announced at ReversingLabs inaugural threat hunter summit REVERSING 2020, these now publicly available rules enable threat defenders to detect a multitude of prominent and prevalent malware downloaders, viruses, trojans, exploits, and ransomware, including WannaCry, Ryuk, GandCrab, TrickBot and others. With free access to these rules that generate precise and accurate results and attribution, threat defenders now have the ability to more quickly pivot from a malware detection event to threat response.
“Knowing that a YARA rule has detected ransomware with high degree of precision can mean the difference between a prevented attack and the one that slips by because it was left waiting for investigation to elevate its importance,” said Tomislav Pericin, Chief Software Architect and Co-Founder, ReversingLabs. “Threat hunters can confidently add these YARA rules to their toolkit. They are built to provide zero false-positive detections. Only those that pass rigorous testing against our 10 billion unique binaries get published, ensuring quality and efficacy.”
Leveraging ReversingLabs extensive repository of 10 billion goodware and malware samples, deep understanding of destructive objects, and its analysts’ nearly two decades of threat hunting experience, these malware detection rules help threat hunters and other threat defenders attribute malware by type and family or variety to expedite threat response processes and reduce malware infection risk for their organizations. The rules can also be used to upskill threat defenders by showcasing high quality malware detection rules that consist of patterns that identify malicious code blocks.
In its first release of open source YARA rules, ReversingLabs focused on those that would help close detection gaps for deployed security solutions by focusing on the most destructive malware types, including: WannaCry, Multigrain, MedusaLocker, Kovter, Ryuk, GandCrab, Crysis, TrickBot, Emotet, Dridex, and CurveBall (CVE-2020-0601).
Availability & Support
The initial list of YARA rules can be accessed immediately via ReversingLabs GitHub repository. ReversingLabs will be responsible for maintaining the repository, providing regular updates, and adding new rules over time for detecting the latest threats. For questions, suggestions and guidance, threat hunters can contact ReversingLabs at firstname.lastname@example.org or open an issue on the GitHub repository.
ReversingLabs first 100 open source YARA rules were announced in a presentation by Pericin during REVERSING 2020, a free virtual summit that brought together more than 1,300 threat hunters, thought leaders, and security practitioners to discuss YARA best practices to assist in hunting, identifying, and classifying malware samples. Keynote speaker Vitali Kremez discussed “Evolution of Cybercrime Intent & Hunting with YARA for Malware Developers” and was joined by a host of other presenters discussing best practices, free tools, and new strategies for effectively using YARA. A full agenda from the event as well as presentation recordings from the REVERSING 2020 summit will be available on ReversingLabs YouTube channel and website starting the week of July 6.
For more information on how to use these YARA rules within ReversingLabs Titanium Platform, see “Level Up Your YARA Game” by Tomislav Pericin on the ReversingLabs blog or “How to Hunt for Threats Using YARA Rules,” an instructional video for the ReversingLabs Titanium Platform and A1000 by analyst Robert Perica.
ReversingLabs is the leading provider of explainable threat intelligence solutions that shed the necessary light on complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC and Threat Hunting processes with a transparency that arms junior analysts to confidently take action.
ReversingLabs is used by the world’s most advanced security vendors and deployed across all industries searching for a more intelligent way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.
ReversingLabs Titanium Platform provides broad integration support with more than 4,000 unique file and object formats, speeds detection of malicious objects through automated static analysis, prioritizing the highest risks with actionable detail in only .005 seconds. With unmatched breadth and privacy, the platform accurately detects threats through explainable machine learning models, leveraging the largest repository of malware in the industry, containing more than 10 billion files and objects. Delivering transparency and trust, thousands of ‘human readable’ indicators explain why a classification and threat verdict was determined, while integrating at scale across the enterprise with connectors that support existing file repository, SIEM, SOAR, threat intelligence platform and sandbox investments, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for both developers and hunters to take quick action.
Learn more at https://www.reversinglabs.com, or connect on LinkedIn or Twitter.
Jennifer Balinski, Guyer Group