Yara Rule Feed

We are currently collecting requests for a YARA rule feed service that provides you the newest, high quality YARA rules that we have integrated into our scanners.

The internal signature database contains more than 9000 quality-tested YARA rules for malware (mostly RATs and APT-related malware), droppers, exploit code, web shells, malicious scripts, obfuscated code, hack tools, the output files of these hack tools, forensic artefacts and other anomalies.

If you are interested in such a service, please subscribe to the “Early Access” mailing list or contact us via info@nextron.systems.com

Details

As previously announced, our YARA rule packs and feeds will be available in March/April 2019. We’ve put a lot of effort into an internal system named “Mjolnir” that parses, normalizes, filters, tags and automatically modifies our rule base, which contains more than 9000 YARA rules.

This system will now fill a database of tagged YARA rules – the basis of our new YARA services. 

The services will be divided into two categories:

  • YARA Rule Set
  • YARA Rule Feed

YARA Rule Set

The YARA rule set consists of more than 9000 YARA rules of different categories that are used in our scanners.

Some of our rules use extensions (external variables) that are only usable in our scanner products. These rules, as well as experimental, third-party and other classified rules, will not be part of the purchasable rule set.

YARA Rule Feed 

The YARA rule feed is a subscription to our rules. The feed always contains the rules of the last 90 days, which is between 250 and 400 YARA rules.

Rule Samples

The quality of the rules in the rule set is comparable to the rules in our public “signature-base” repository.

Some good examples for the different rule categories are:

Quality and Focus

The rules are tested against a data set of more than 350 TB of goodware. The goodware file repository consists of Windows OS files, several full Linux distributions and a big collection of commercial and free software. 

However, false positives are always possible. We do not recommend any destructive action on a signature match, such as deleting or blocking the matched file.

The main focus areas of our rules are:

  • Threat Hunting
  • Classification
  • Anomaly Detection
  • Compromise Assessment 

Overview

Features

Flexible API

The API features different output formats (text, JSON, HTML) and filters for tags, score and time frames.

Rich Metadata

The rules provide rich metadata, a standardized scheme based on best practices, and tags for simpler filtering.

Statistics

We provide useful statistics and reports on the rules in the feed, such as AV engine coverage and matched sample hashes.

Quality Tested Rules

All rules are tested against more than 80 TB of operating system files and other software.

Performance Optimization

All rules are used in our scanners and are therefore optimized for performance. The planned version 1.1 of the API will allow you to pull less strict rule sets that are more effective for in-memory detection and for detection in data streams.

API Client

We provide an API client written in Python that allows you to query the API in different ways.