PhishingKit-Yara-Rules – Open Source project

YARA repository for Phishing Kits zip files

This repository, dedicated to Phishing Kits zip files YARA rules, is based on zip raw format analysis to find directories and files names, you don’t need yara-extend there. This repository is open to all rules contribution, feel free to create pull request with your own set of rules, sharing knowledge is the better way to improve our detection and defence against Phishing threat. The first set of rules has been created for the project PhishingKit-Yara-Search. To write your own rules you can refered to YARA’s documentation or the example behind.

At the beginning of November 2022 we have more than 400 Yara rules available!


Yara is required for most of those rules to work. The better is to use the PhishingKit-Yara-Search project, dedicated to Phishing Kits zip files analysis. No need of yara-extend ’cause YARA will only check for directories and files names in raw zip file format.


Pull requests and issues with suggestions are welcome! See

Used by VirusTotal

Those rules are used by VirusTotal for a better threat triage and detection.