PhishingKit-Yara-Rules
PhishingKit-Yara-Rules – Open Source project
YARA repository for Phishing Kits zip files
This repository, dedicated to Phishing Kits zip files YARA rules, is based on zip raw format analysis to find directories and files names, you don’t need yara-extend there. This repository is open to all rules contribution, feel free to create pull request with your own set of rules, sharing knowledge is the better way to improve our detection and defence against Phishing threat. The first set of rules has been created for the project PhishingKit-Yara-Search. To write your own rules you can refered to YARA’s documentation or the example behind.
Requirements
Yara is required for most of those rules to work. The better is to use the PhishingKit-Yara-Search project, dedicated to Phishing Kits zip files analysis. No need of yara-extend ’cause YARA will only check for directories and files names in raw zip file format.
Contributing
Pull requests and issues with suggestions are welcome! See CONTRIBUTING.md.
Used by VirusTotal
Those rules are used by VirusTotal for a better threat triage and detection.
StalkPhish - phishing and brand impersonation detection 