YARA rules published alongside research on derp.ca, a malware C2 tracker and threat intelligence project tracking active malware infrastructure.
Each directory contains a YARA rule and a short public README for the matching malware sample, case, or family.
Rules are scoped to the evidence available at publication time. Some rules target a submitted sample or case-specific chain; others target broader family traits when enough stable code, protocol, or structural evidence is available.
Rules follow CCCS validator expectations and include YARAhub-compatible metadata where applicable.
Rules are deployed to:
All rules in this repository are dedicated to the public domain under CC0 1.0 Universal. No attribution required, but a link back to derp.ca is appreciated.
derp.ca tracks malware C2 infrastructure and publishes technical malware analysis.