YARA - Salem73616C656D/reading-notes GitHub Wiki
Key Takeaways
YARA
-
YARA is a tool that you can use to track down malware in your computer or network. You create YARA rules to help you find what you want. Attackers may reuse code in different malware campaigns. YARA rules can look for that code along with some of the malware’s functions and features. YARA rules work for email as well.
-
Building your own rules will allow you to search files for patters and strings that are deterministic in a piece of malware.