neonprimetime security , just trying to help

/*     Phishing Kit Emails */ rule PhishingKitEmail {     strings:         $domain1 = "@gmail.com"         $domain2 = ...

# the keyword string to search for $stringToSearchFor = "http://nsis.sf.net/NSIS_Error"; # run strings on all malware *.bin fil...

# run "myrules.yar" against all *.bin files in a folder and print to standard output get-childitem \ -filter *.bin |select fullna...

rule HasUrls { strings: $urlregex = /http(s|):\/\/[^\s]+\.[^\s]{2,5}/ $urlregexwide = /http(s|):\/\/[^\s]+\.[^\s]{2,5}/ wide cond...

rule IsNullsoftInstaller { strings: $nullsoft = "http://nsis.sf.net/NSIS_Error" wide condition: any of them }

rule IsExecutable {     strings:         $exe = { 4D 5A }     condition:         $exe at 0 }

# Run Yara Rules against a file ONE LINE AT A TIME instead of against the whole file import os import subprocess import traceback impor...

rule Neo23x0SigmaUserAgentMatch { meta:  author = "@neonprimetime"  description = "@Neo23x0 Proxy User Agent Rules https:...

rule RemoteControlUrlAccessed { meta:  author = "@neonprimetime"  description = "Cloud Remote Control Url Accessed" ...

# Given a list of urls, determine what type of IoT device (or any device for that matter) they are based on you plugging in Yara rules into ...

/* ------------------------- ------ NanoCore ------------ --------------------------- */ rule NanoCoreByName { meta: author = "@neonp...