Level 7

Have any of you tried some Yara rules?

I wanted to test some Yara Rules (especially the ones for Hacking Team binaries).

I found a good repo: Yara-Rules/rules · GitHub

But I'm not able to upload the files; I'm getting errors such as:

2015-08-11-02:55:58: error: 1 error(s) during rules compilation.

yara error: in custom rule file at line=263: undefined identifier "uint32be"

2015-08-11-02:58:36: Modules import for custom behavioral rules is not supported

The version of the Yara rules is 3.0 and I'm using an ATD6000 3.4.8, which is stated to support 3.0 rules.

I would also be glad if you could share your good sources of Yara rules.

0 Kudos
2 Replies
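
As an added example (not part of the original post, and not McAfee or Yara-Rules code), here is a heuristic pre-check that lists which lines of a rule file use the two constructs the errors above reject: module `import` statements and the `uint32be` reader. Treating the other big-endian readers (`int8be`, `uint16be` and so on) the same way is an assumption, and the names `lint` and `SAMPLE` and the sample rule are constructed for illustration.

```python
import re

# Match strings and comments together so "//" inside a string is not a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
IMPORT = re.compile(r'^[ \t]*import\s+"([^"]+)"', re.M)
RULE = re.compile(r'^[ \t]*(?:(?:private|global)\s+)*rule\s+(\w+)', re.M)
# Assumption: every big-endian reader is rejected like uint32be was.
BE_FUNC = re.compile(r'\bu?int(?:8|16|32)be\b')

def _strip(text, keep_strings):
    def repl(m):
        tok = m.group(0)
        if tok.startswith('"'):
            return tok if keep_strings else '""'
        return "\n" * tok.count("\n")  # drop comment, keep line numbering
    return TOKEN.sub(repl, text)

def _line(text, pos):
    return text.count("\n", 0, pos) + 1

def lint(source):
    """Return (line, rule_name, construct) tuples, sorted by line."""
    no_comments = _strip(source, keep_strings=True)
    code_only = _strip(source, keep_strings=False)
    found = [(_line(no_comments, m.start()), None, 'import "%s"' % m.group(1))
             for m in IMPORT.finditer(no_comments)]
    rules = [(_line(code_only, m.start(1)), m.group(1))
             for m in RULE.finditer(code_only)]
    for m in BE_FUNC.finditer(code_only):
        line = _line(code_only, m.start())
        owner = next((n for l, n in reversed(rules) if l <= line), None)
        found.append((line, owner, m.group(0)))
    return sorted(found, key=lambda f: f[0])

# Constructed sample rule file (not taken from any real ruleset).
SAMPLE = '''import "pe"

rule Uses_BE_Read {
    strings:
        $url = "http://example.test/uint32be"  // literal, not a call
    condition:
        $url and uint32be(0) == 0xCAFEBABE
}
/* import "hash" is commented out */
'''

if __name__ == "__main__":
    for line, rule, construct in lint(SAMPLE):
        print("line %d, rule %s: %s" % (line, rule or "-", construct))
```

The check is regex-based rather than a YARA parser, so a regular-expression string containing a double quote can confuse it; rules it flags still need a manual look before being dropped or rewritten.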
Level 7

Re: Have any of you tried some Yara rules?

The topic is still interesting.

Did you have any success over the years with Yara rules and McAfee?

Or what is your experience?

0 Kudos
Level 11

Re: Have any of you tried some Yara rules?

Talk about necro-ing a post.

@cjanne - if you are trying to get assistance on a similar issue to this, I would suggest creating a new post. A 2-year-old post will be ignored by most.