YARA rules are an essential tool for detecting and classifying malware, and they are one of VirusTotal’s cornerstones. In addition to the rules you write yourself for Livehunts and Retrohunts, at VirusTotal we import a number of selected crowdsourced rules provided by contributors to help identify and classify samples (example report). However, finding, tracking and managing VirusTotal’s crowdsourced YARA rules can be challenging, especially as the number of rules and contributors grows. To address this, we are introducing VirusTotal’s new Crowdsourced YARA Hub, which allows users to easily search and filter existing rules, track new ones and export any of them to Livehunt and Retrohunt with one click.
It is important to highlight that the Crowdsourced YARA Hub does NOT include your private VirusTotal Livehunt/Retrohunt rulesets. Instead, it centralizes all contributor/community YARA rules that are currently contextualizing files submitted to VirusTotal.
The new Crowdsourced YARA Hub can be found under “Livehunt”.