Decided it was time to upload a few YARA rules to my GitHub. Most of them are pretty old, unfortunately, but there's some stuff in there that might be useful. I'll add more if/when I can.

Here are some I had luck with:

Hunting for GitHub/Telegram integration in a PowerShell script (in conjunction with -Uri):

https://github.com/ozuriexv/Detection-Rules/blob/main/YARA/misc/service_usage_powershell.yar

Common file magic other than PE but contains XORed DOS stub:

https://github.com/ozuriexv/Detection-Rules/blob/main/YARA/obfuscation/misc_obfuscation.yar#L1-L14

Generic/common Windows paths targeted by stealers:

https://github.com/ozuriexv/Detection-Rules/blob/main/YARA/hunting/hunt_stealers.yar
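
Added example, not part of the original post and not the linked rule: a Python sketch of the "non-PE file magic but XORed DOS stub" idea, which YARA can express with its `xor` string modifier. The magic list, function names and sample bytes are assumptions constructed for illustration.

```python
DOS_STUB = b"This program cannot be run in DOS mode"

# A few common non-PE magics (assumed list for this sketch, not taken from the linked rule).
COMMON_MAGICS = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}

def identify_magic(data: bytes):
    """Return the name of the first matching known magic, or None."""
    for magic, name in COMMON_MAGICS.items():
        if data.startswith(magic):
            return name
    return None

def find_xored_stub(data: bytes, needle: bytes = DOS_STUB):
    """Return (key, offset) of a single-byte-XORed copy of needle, or None.
    Key 0 (the plaintext string) is skipped on purpose."""
    for key in range(1, 256):
        offset = data.find(bytes(b ^ key for b in needle))
        if offset != -1:
            return key, offset
    return None

def scan(data: bytes):
    """Flag data with a common non-PE magic that hides an XORed DOS stub."""
    if data[:2] == b"MZ":
        return None  # ordinary PE header, out of scope for this check
    kind = identify_magic(data)
    if kind is None:
        return None
    hit = find_xored_stub(data)
    if hit is None:
        return None
    return {"magic": kind, "xor_key": hit[0], "offset": hit[1]}

# Constructed samples: PNG magic + fake PE header XORed with 0x5A, and a PNG
# that merely contains the plaintext string (should not be flagged).
_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
_FAKE_PE = b"MZ" + b"\x00" * 76 + DOS_STUB + b"\r\r\n$"
SAMPLE_HIT = _PNG + bytes(b ^ 0x5A for b in _FAKE_PE)
SAMPLE_CLEAN = _PNG + DOS_STUB

if __name__ == "__main__":
    print(scan(SAMPLE_HIT))
    print(scan(SAMPLE_CLEAN))
```

The plaintext string is ignored so that documents or images which simply quote the DOS stub message do not match; only an encoded copy behind a non-PE header does.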
