ReversingLabs Unveils 100+ Open Source YARA Rules for Threat Hunters at Inaugural REVERSING 2020 Summit
CAMBRIDGE, Mass., June 30, 2020 (GLOBE NEWSWIRE) -- ReversingLabs, the leading provider of explainable threat intelligence solutions, made a sizable contribution to the open source community today, publishing 128 of its rigorously tested YARA rules to GitHub for the first time. Announced at ReversingLabs' inaugural threat hunter summit, REVERSING 2020, these now publicly available rules enable threat defenders to detect a multitude of prominent and prevalent malware downloaders, viruses, trojans, exploits, and ransomware, including WannaCry, Ryuk, GandCrab, TrickBot and others. With free access to these rules, which generate precise and accurate results and attribution, threat defenders can pivot more quickly from a malware detection event to threat response.
“Knowing that a YARA rule has detected ransomware with a high degree of precision can mean the difference between a prevented attack and the one that slips by because it was left waiting for investigation to elevate its importance,” said Tomislav Pericin, Chief Software Architect and Co-Founder, ReversingLabs. “Threat hunters can confidently add these YARA rules to their toolkit. They are built to provide zero false-positive detections. Only those that pass rigorous testing against our 10 billion unique binaries get published, ensuring quality and efficacy.”
Leveraging ReversingLabs' extensive repository of 10 billion goodware and malware samples, deep understanding of destructive objects, and its analysts’ nearly two decades of threat hunting experience, these malware detection rules help threat hunters and other threat defenders attribute malware by type and family or variety to expedite threat response processes and reduce malware infection risk for their organizations. The rules can also be used to upskill threat defenders by showcasing high-quality malware detection rules that consist of patterns that identify malicious code blocks.
Availability & Support
For more information on how to use these YARA rules within ReversingLabs Titanium Platform, see “Level Up Your YARA Game” by Tomislav Pericin on the ReversingLabs blog or “How to Hunt for Threats Using YARA Rules,” an instructional video for the ReversingLabs Titanium Platform and A1000 by analyst Robert Perica.
ReversingLabs is used by the world’s most advanced security vendors and deployed across all industries searching for a more intelligent way to get at the root of the web, mobile, email, cloud, app development and supply chain threat problem, of which files and objects have become major risk contributors.
ReversingLabs Titanium Platform provides broad integration support with more than 4,000 unique file and object formats, speeds detection of malicious objects through automated static analysis, prioritizing the highest risks with actionable detail in only .005 seconds. With unmatched breadth and privacy, the platform accurately detects threats through explainable machine learning models, leveraging the largest repository of malware in the industry, containing more than 10 billion files and objects. Delivering transparency and trust, thousands of ‘human readable’ indicators explain why a classification and threat verdict was determined, while integrating at scale across the enterprise with connectors that support existing file repository, SIEM, SOAR, threat intelligence platform and sandbox investments, reducing incident response time for SOC analysts, while providing high priority and detailed threat information for both developers and hunters to take quick action.