Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Search yara hits other than YRP #69

Open
rimuru1066 opened this issue May 4, 2022 · 2 comments
Open

Search yara hits other than YRP #69

rimuru1066 opened this issue May 4, 2022 · 2 comments
Assignees
@silascutler
Labels
bug Something isn't working enhancement New feature or request good first issue Good for newcomers

Comments

@rimuru1066
Copy link

It seems that every yara search for yrp/* works, but not for any other.

Example hash: 6d14bb5ee2d7b2ecb28530324e7452a48476c79f7ded0a5727035d74744e5772

It has a CuckooSandbox/shellcode tag in the Yara hits, but the search returns nothing.
@silascutler
Copy link
Contributor

Had this exact same issue earlier this week. Thanks for the spot

@silascutler silascutler added bug Something isn't working enhancement New feature or request good first issue Good for newcomers labels May 7, 2022
@silascutler silascutler self-assigned this May 7, 2022
@Squiblydoo Squiblydoo mentioned this issue May 11, 2024
Open
@Squiblydoo
Copy link

This is to note that the problem seems to still exist. I was able to reproduce it by looking for any rule using the following sets. Or even putting "[rulename]/*". Each of the following return with No results.

            "CuckooSandbox/*"  
            "FlorianRoth/*"    
            "KevTheHermit/*"
            "BAMFDetect/*"

Using "YRP/*" returns a message that says "YARA rule with this name could not be found", which is probably the correct and expected behavior. This suggests to me that the check for the existence of the YARA rules themselves for the other repositories is not working as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@silascutler silascutler

Labels
bug Something isn't working enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@silascutler @Squiblydoo @rimuru1066