https://github.com/resteex0/yarex
Yarex
yarex is the new face of uniq yara rule: a database of YARA signatures and IOCs used by our scanners [resteex_scanner].
yarex was created to make static malware analysis open and available to the public. Its objective is to reach zero risk when yarex is used in threat hunting, incident response, or research.
Getting Started
Requirements:
sudo apt-get install yara
option 1
sudo git clone https://github.com/resteex0/yarex.git --recursive
# no "cd" here: the paths below are relative to the directory that contains the clone
# (and "sudo cd" would not change the caller's directory anyway)
for rule in yarex/theZoo/*; do yara "$rule" test3 2>&1; done
option 2 (recommended if researching or auditing)
sudo git clone https://github.com/resteex0/yarex.git --recursive
cd yarex
unzip -Pinfected testsample.zip
cd ..
sudo yarex/resteex_scanner.sh yarex yarex/testsample
Auditing and calibration
After running option 2, the first scan should produce detections like the following:
resteex_Win32_ZeroCleare yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_RedDelta yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_StrongPity yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_Unnamed_SpecMelt yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_FASTCash yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_All_ElectroRAT yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_SofacyCarberp yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_KerrDown yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_LuckyCat yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_FamousSparrow yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_MosesStaff yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Emotet yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Razy yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_REvil yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_AtomSilo yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Medusa_Locker yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Pysa yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Remcos yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Amavaldo yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Conti yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_YanluowangRansomware yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Cobalt_Strike yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Curator_Ransomware yarex/testsample/0468127a19daf4c7bc41015c5640fe1f
resteex_Win32_ZeroCleare yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_RedDelta yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_StrongPity yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_Unnamed_SpecMelt yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_FASTCash yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_All_ElectroRAT yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_SofacyCarberp yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_KerrDown yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_LuckyCat yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Win32_FamousSparrow yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_MosesStaff yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Emotet yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Razy yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Babadeda yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_REvil yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_AtomSilo yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Medusa_Locker yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Pysa yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Remcos yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Amavaldo yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Conti yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_YanluowangRansomware yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Cobalt_Strike yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
resteex_Curator_Ransomware yarex/testsample/0ceead2afcdee2a35dfa14e2054806231325dd291f9aa714af44a0495b677efc
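The list above is a baseline: a later scan of the same samples should reproduce it exactly, and any line that disappears (a rule that stopped firing after an edit) or appears (a new rule firing on an old sample) is what an audit has to explain. The baseline also shows each test sample matching more than twenty family-specific rules, which is the other thing calibration surfaces: a rule that fires on every sample in a mixed set is probably keyed on strings shared across families and should be reviewed. The script below is an added example, not part of the yarex project or its resteex_scanner.sh; it assumes `yara` is on PATH and that rule files sit directly under a rules directory such as yarex/theZoo, and it uses constructed "rule_name sample_path" lines (not real scan output) for its dry run.

```shell
#!/bin/sh
# Added example (not from the yarex project): rerun a rule set against a sample
# directory, diff the hits against a saved baseline, and flag rules that fire on
# every sample. Assumes `yara` is on PATH and rule files sit under $1 of scan_rules.
export LC_ALL=C   # make sort/comm agree on ordering regardless of locale

# Run every rule file against the sample directory, one file at a time so a
# compile error in one rule file does not abort the run (yara exits 0 even
# with no matches, non-zero only on error). Output: sorted, de-duplicated
# "rule_name sample_path" lines, the same shape yara itself prints.
scan_rules() {
    rules_dir=$1
    sample_dir=$2
    for rule in "$rules_dir"/*; do
        [ -f "$rule" ] || continue
        yara -r "$rule" "$sample_dir" || echo "rule file failed: $rule" >&2
    done | sort -u
}

# Compare observed hits against the baseline. Both arguments are newline-
# separated "rule_name sample_path" strings. Prints one line per difference
# (MISSING = in baseline but not observed, UNEXPECTED = observed but not in
# baseline); returns 0 when identical, 1 when anything differs.
compare_hits() {
    exp_file=$(mktemp) || return 2
    act_file=$(mktemp) || { rm -f "$exp_file"; return 2; }
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$exp_file"
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$act_file"
    # comm needs sorted input: -23 keeps baseline-only lines, -13 observed-only
    comm -23 "$exp_file" "$act_file" | sed 's/^/MISSING    /'
    comm -13 "$exp_file" "$act_file" | sed 's/^/UNEXPECTED /'
    if cmp -s "$exp_file" "$act_file"; then rc=0; else rc=1; fi
    rm -f "$exp_file" "$act_file"
    return $rc
}

# For each rule, count how many distinct samples it matched.
# Output: "count rule_name" per line, sorted by rule name.
rule_hit_counts() {
    printf '%s\n' "$1" | sed '/^$/d' | sort -u \
        | awk '{ n[$1]++ } END { for (r in n) print n[r], r }' | sort -k2
}

# Rules whose hit count equals the number of samples scanned ($2): these fired
# on everything and are candidates for tightening.
broad_rules() {
    rule_hit_counts "$1" | awk -v t="$2" '$1 == t { print $2 }'
}

# Constructed sample data for a dry run without yara (not real scan output).
SAMPLE_BASELINE=$(printf 'resteex_Emotet samples/a\nresteex_Conti samples/a\nresteex_Emotet samples/b')
SAMPLE_OBSERVED=$(printf 'resteex_Emotet samples/a\nresteex_Emotet samples/b\nresteex_Remcos samples/b')

# With yara and the repository present, a real audit looks like this (not run here):
#   hits=$(scan_rules yarex/theZoo yarex/testsample)
#   compare_hits "$(cat baseline.txt)" "$hits" || echo "baseline drifted"
#   broad_rules "$hits" "$(find yarex/testsample -type f | wc -l)"
```

Save the output of a known-good run as baseline.txt, commit it next to the rules, and run `compare_hits` after every rule change; a non-zero exit is the signal to look at the MISSING and UNEXPECTED lines before publishing the update.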
License