12. YARA Forge
YARA Forge (https://yarahq.github.io/) is an open-source project that bundles YARA rules from different open-source projects. The rules are offered in several rulesets that trade off false positive (FP) ratio against detection rate.
THOR Util supports downloading YARA Forge with:
C:\thor>thor-util.exe yara-forge download --ruleset <ruleset>
The ruleset value can be one of the following:
core
extended
full
Note
Only one ruleset at a time can be used. When you download a new ruleset, the old one is overwritten.
A downloaded YARA Forge ruleset is stored in custom-signatures/yara-forge and is automatically updated with thor-util update.
If you no longer want to use YARA Forge, you can run:
C:\thor>thor-util.exe yara-forge remove
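Because a download overwrites the previous ruleset, the following added example (not part of the THOR documentation) keeps a copy of the current custom-signatures/yara-forge folder before switching and reports how many files changed. The script name in your environment, the backup folder, the C:\thor default and the reliance on a non-zero exit code from thor-util.exe on failure are assumptions.

```powershell
# Added example: switch the YARA Forge ruleset and keep the one being overwritten.
# Assumptions: THOR is installed in C:\thor, the backup folder name is hypothetical,
# and thor-util.exe returns a non-zero exit code when the download fails.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('core', 'extended', 'full')]   # the three ruleset values listed above
    [string]$Ruleset,

    [string]$ThorDir = 'C:\thor'
)

$ErrorActionPreference = 'Stop'
$thorUtil  = Join-Path $ThorDir 'thor-util.exe'
$forgeDir  = Join-Path $ThorDir 'custom-signatures\yara-forge'
$backupDir = Join-Path $ThorDir 'yara-forge-backup'   # hypothetical, kept outside custom-signatures

if (-not (Test-Path $thorUtil)) { throw "thor-util.exe not found in $ThorDir" }

# Hash every file under the ruleset folder so two states can be compared.
function Get-ForgeInventory {
    if (-not (Test-Path $forgeDir)) { return @() }
    Get-ChildItem -Path $forgeDir -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, @{ Name = 'File'; Expression = { $_.Path.Substring($forgeDir.Length + 1) } }
}

# 1. Copy the current ruleset aside, because the download overwrites it.
$before = @(Get-ForgeInventory)
if ($before.Count -gt 0) {
    $dest = Join-Path $backupDir (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    Copy-Item -Path $forgeDir -Destination $dest -Recurse
    Write-Host "Previous ruleset copied to $dest"
}

# 2. Download the requested ruleset (command as documented above).
& $thorUtil yara-forge download --ruleset $Ruleset
if ($LASTEXITCODE -ne 0) { throw "thor-util exited with code $LASTEXITCODE" }

# 3. Confirm rule files arrived and count differences to the previous state.
$after = @(Get-ForgeInventory)
if ($after.Count -eq 0) { throw "No files found in $forgeDir after download" }
# Compare-Object rejects an empty reference set, so handle a first install separately.
$changed = if ($before.Count -eq 0) { $after.Count }
           else { @(Compare-Object $before $after -Property File, Hash).Count }
Write-Host ("Ruleset '{0}' installed: {1} file(s), {2} difference(s) to previous state" -f $Ruleset, $after.Count, $changed)
```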