Day 5️⃣3️⃣ of : An exploration of how much malware from the @objective_see collection is detected by the XProtect YARA ruleset - I expected it to be higher tbh but this also means there's a lot more macOS malware samples to collect out there so every rule is used 🤔

Script to download some malware, run the XProtect ruleset, and plot the results here: gist.github.com/shellcromancer - use it to chart and visualize the collection in other ways! To make this work you'll need to build YARA Python with support for the hash module, so that the sha1 function is available; it isn't built in by default but is used heavily in XProtect (see github.com/VirusTotal/yara-pyt)
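The tallying step of that workflow, as an added example that is not the gist linked above or Apple's code: it checks whether the installed yara-python actually has the hash module (the failure mode the post warns about), scans a local directory of already-collected samples with a rules file, and reports detection rate plus per-rule hit counts as a text chart. The rules path default, the sample directory and the scanner plumbing are assumptions; nothing here downloads samples.

```python
"""Tally XProtect YARA detections over a local sample directory (added example)."""
from __future__ import annotations

import os
from collections import Counter
from typing import Callable, Dict, Iterable, List

# Assumed default location of Apple's ruleset on macOS; verify on your own system.
XPROTECT_RULES = ("/Library/Apple/System/Library/CoreServices/"
                  "XProtect.bundle/Contents/Resources/XProtect.yara")


def hash_module_available() -> bool:
    """True only if yara-python is installed AND was built with the hash module.

    XProtect rules import "hash" and call hash.sha1(), so a build without it
    fails at compile time rather than silently returning no matches.
    """
    try:
        import yara
    except ImportError:
        return False
    probe = 'import "hash"\nrule probe { condition: hash.sha1(0, filesize) == "" }'
    try:
        yara.compile(source=probe)
    except yara.Error:  # yara.SyntaxError ("unknown module") is a subclass
        return False
    return True


def xprotect_scanner(rules_path: str = XPROTECT_RULES) -> Callable[[str], List[str]]:
    """Compile the ruleset once and return a function: file path -> matched rule names."""
    import yara  # imported lazily so the rest of the module works without it
    rules = yara.compile(filepath=rules_path)

    def scan(path: str) -> List[str]:
        return sorted({m.rule for m in rules.match(filepath=path)})
    return scan


def list_samples(directory: str) -> List[str]:
    """All regular files under `directory`, recursively (assumed sample layout)."""
    found = []
    for root, _dirs, files in os.walk(directory):
        found.extend(os.path.join(root, f) for f in files)
    return sorted(found)


def summarize(samples: Iterable[str], scan: Callable[[str], List[str]]) -> Dict:
    """Run `scan` over every sample; return counts, misses and per-rule hits."""
    per_rule: Counter = Counter()
    detected, missed = [], []
    for path in samples:
        hits = scan(path)
        if hits:
            detected.append(path)
            per_rule.update(hits)
        else:
            missed.append(path)
    total = len(detected) + len(missed)
    return {
        "total": total,
        "detected": len(detected),
        "missed": missed,
        "rate": (len(detected) / total) if total else 0.0,
        "per_rule": dict(per_rule),
    }


def text_chart(per_rule: Dict[str, int], width: int = 40) -> str:
    """Horizontal bar chart of rule hit counts, most-hit rule first."""
    if not per_rule:
        return "(no rules matched)"
    top = max(per_rule.values())
    name_w = max(len(n) for n in per_rule)
    lines = []
    for name, count in sorted(per_rule.items(), key=lambda kv: (-kv[1], kv[0])):
        bar = "#" * max(1, round(width * count / top))
        lines.append(f"{name.ljust(name_w)}  {bar} {count}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    sample_dir = sys.argv[1] if len(sys.argv) > 1 else "./samples"  # assumed layout
    if not hash_module_available():
        sys.exit("yara-python lacks the hash module; rebuild it before scanning XProtect rules")
    report = summarize(list_samples(sample_dir), xprotect_scanner())
    print(f"{report['detected']}/{report['total']} detected ({report['rate']:.1%})")
    print(text_chart(report["per_rule"]))
```

Because `summarize` takes the scanner as a parameter, the same tally can be driven by any rule source, and the hash-module probe fails closed: a build without `hash` raises at compile time instead of producing an artificially low detection rate.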

#100DaysofYARA #gottadetectthemall #macos #malware #XProtect
