Wednesday, August 8, 2012

Yara Signature Exchange Google Group


Yara-Exchange Google Group (by invitation only)
https://groups.google.com/d/forum/yaraexchange



Please read the Yara Exchange Group rules below and if you are interested, request an invitation by sending an email from your organization's email account to to Yara at deependresearch.org (currently moderated by Andre' M. DiMino)

Please provide the following information:
  • Your First & Last Name (may not be a third party contact)
  • Your Organization and Address
  • Contact information for verification.

    Once your membership is confirmed we will need your
  • Gmail Email address in order to join Google group. 
  • Github ID (create at Github.com if you don't have) 
  • Virustotal.com ID (create at virustotal.com if you don't have) - optional but recommended
You can send this information in the initial application email.


In short, we need name, work and Gmail email addresses, organization, and full contact info (City, Country). The requirement to use your work email for the initial request is mandated by the fact that not all indicators can be publicly shared.

By registration, you agree that your group access will be used only by the person registered. No other distribution or public disclosure of this group's signatures is permitted.  Although signatures shared will not be posted in public, please make sure that all information you send to this group comes from your own research, open sources, or you have permission (from other groups / researchers or your employer) to share it with the group.

We are planning to have both crimeware and APT yara signatures. We can create an upload/malware hosting if necessary.


Read more about Yara here
http://code.google.com/p/yara-project/
and a good explanation is here by Lenny Zeltser 


Yara Exchange Group Rules

1. DeepEnd Research is an all volunteer, non-commercial organization that derives no financial benefit from Yara signatures or anything else developed by the group. Our goal is to build a community of researchers with a mutual interest in developing, improving, and sharing Yara signatures.

2. It's expected and required that everyone will contribute to the list. "Yara Exchange" isn't there to just pull signatures or watch the conversations and not contribute anything back. While some initial silence is understood until our momentum builds, extended lack of participation won't be accepted.
Contributing to the list can come in many forms including new signatures, improvements on existing signatures, tool integration using yara, analysis and classification techniques using yara, etc. If you cannot share any signatures you develop or do not use yara often enough to contribute, please do not apply. 

3. Inactive members, or those that don't tangibly contribute to the signature development or sharing will be pinged to check on their status and removed after 3 months.

4. A group roster will be distributed to group members on a regular basis. We believe that the roster will let us have more trust in each other, and a better understanding of who you are sharing your signatures with. The roster will consist of the list members and their organizations (Google group nick+real name+org/company). No email addresses , titles, or other personal information will be included. DeepEnd Research will never use your information for reasons not specified above.

5
a. Group access is granted only to the person registered. If you have colleagues and friends that you feel will be a good part of this group, have them request their own access.

b. No sharing, distribution, or public disclosure of this group's signatures, analysis, or work product outside of the member's organization or "Yara Exchange" is permitted. Additionally, no signatures, analysis, or work product from "Yara Exchange" can be used commercially, or for other financial benefit, either directly or indirectly.
Usage explanation and examples:
-You can use yara signatures produced by the group for operations at your company / organization  and/or for incident response at your user / client / customer site.
-You may not incorporate signatures shared by group members into any products / appliances / subscriptions / reports you sell or publications you produce.
-You maintain ownership of signatures you create and submit to the group and you can use / sell them in any way  you wish.
If there are any questions or uncertainties about external use of "Yara Exchange" information, please ask!

c. Please ensure that all information you share with "Yara Exchange" comes from your own research, open sources, or with permission.

We hope these rules will prevent group stagnation and taking advantage of a few active participants by many idle members and companies. We look forward to working with you and hope this group develops and thrives. 

No comments:

Post a Comment