I wrote a blog post about MalpediaFLOSSed, a collection of ~4 million strings extracted from 1800+ malware families and upgrading its GUI plugin to work with IDA, Ghidra, and Binary Ninja at once!

Kudos to Hyun Yi for Hyara, which pioneered such cross-tool compatibility!

🛠️ We added a basic WebUI to our malware strings lookup service. Give it a try at strings.malpedia.io

Based on this, I updated the Trellix Advanced Research Center Ghidra script to locally use this JSON file. Additionally, I wrote a script to query the Malpedia web service via the exposed API, which one can also host locally. The Ghidra scripts can be found here: github.com/advanced-threa…

📣We updated 'Malpedia FLOSSed'.
TL;DR: More data, cleaner Rust/Go/Dotnet strings, various tags!
We also created a public web service to make this data more accessible: strings.malpedia.io, as well as an IDA plugin as a demo use case.
Read more -> github.com/malpedia/malpe…

I feel like this dump doesn't get enough credit.
So I filtered all malware debug ascii/utf16 strings from it and included it in a YAR rule file.
That's just one use-case for this awesome dump.
There are lots of other interesting malware indicators in it that could be used in a…

#BinaryNinja plugin that helps write #YARA rule strings based on a selection in the Disassembly view.

Inspired by formatting used in #Yara_Signator Malpedia (highlighted in screenshot).

gist.github.com/utkonos/0aa6e1…

Daniel Plohmann Vector 35 Jordan Wiens

#100DaysofYARA

🛠️ We just published 'Malpedia flossed': Mandiant FLARE team's floss tool applied to all unpacked + dumped samples in Malpedia. Results: 35.645.324 raw strings, distilled to 2.137.276 unique strings from 1751 processed malware families - 400 MB JSON.
-> github.com/malpedia/malpe…

Introducing YARA-Forge ⚡️
- Streamlined Public YARA Rule Collection

Excited to share my latest project with the community just in time for Christmas! After weeks of hard work, it's finally ready 🎄🎁

Blog Post
cyb3rops.medium.com/introducing-ya…

Project Page
yarahq.github.io

Another iteration of the YARA-Signator rule set has been generated by
Felix Bilstein
and has been published to Malpedia and GitHub. It includes 1311 updated rules and 73 new additions.

After two weeks of vacation we are back to content aggregation! 👾📒 We also doubled the hardware of our server, which should help make the website more responsive again.

Another iteration of the YARA-Signator rule set has been generated by Felix Bilstein and has been published to Malpedia and GitHub. It includes 1273 updated rules and 44 new additions.

We just published a new iteration of the YARA-Signator rule set has been generated by
Felix Bilstein
and published it to Malpedia and GitHub. It includes 1272 updated rules with 33 new additions.

We are happy to announce that you can now also take off your sunglasses while browsing Malpedia, we just rolled out dark mode. 😎

The next iteration of the YARA-Signator rule set has been generated by Felix Bilstein
and was published yesterday to Malpedia and GitHub. It includes 1234 updated rules!

MatterBot now supports Malpedia queries, including IoC lookup and sample grabbing and uploading (if you have the API key for this!), actor and family queries. Lots of other bugfixes and small improvements as well. Go grab the newest version at github.com/uforia/MatterB… !

The next iteration of the YARA-Signator rule set has been generated by Felix Bilstein and published to Malpedia and GitHub. It includes 1204 updated rules with 20 new additions.