
Yara

install

sudo apt update -y && sudo apt upgrade -y
sudo apt install yara

usage

yara myfirstrule.yar somefile

write rules

awesome-yara
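
A worked example for this section, added here and not part of the original post: a shell script that writes a first rule with text strings, a regex and a header check, builds a constructed sample file that should match (and one that should not), and scans both with the yara CLI installed above. The rule name, the strings it looks for and the file names are made up for illustration; the script assumes the yara binary is on PATH.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): write a first YARA rule, create a
# constructed sample file that should match it, and scan with the yara CLI.
# Assumes the `yara` binary from the install step is on PATH.
set -eu

RULE_FILE="${1:-myfirstrule.yar}"

# Write a small but realistic rule: text strings with modifiers, a regex, and a
# condition that also checks the file starts with "MZ" (a PE/DOS header) and is
# not unreasonably large. Every defined string is referenced in the condition;
# yara refuses to compile rules with unreferenced strings.
write_rule() {
  cat > "$RULE_FILE" <<'EOF'
rule Suspicious_Downloader_Example
{
    meta:
        description = "Constructed example: PE that embeds a download-and-run stub"
        author      = "example"
        reference   = "added example, not a real-world signature"
    strings:
        $url  = "http://" ascii wide nocase      // any http URL, ASCII or UTF-16
        $api1 = "URLDownloadToFileA" ascii       // Win32 download API name
        $api2 = "WinExec" ascii                  // Win32 execute API name
        $cmd  = /cmd\.exe\s+\/c/ nocase          // regex: "cmd.exe /c" with any spacing
    condition:
        uint16(0) == 0x5A4D and filesize < 5MB   // "MZ" little-endian, under 5 MB
        and $url and 1 of ($api*) and $cmd
}
EOF
  echo "$RULE_FILE"
}

# Build constructed inputs: one that satisfies every clause of the condition
# and one that carries the same strings but lacks the MZ header.
make_samples() {
  mkdir -p samples
  # \220 and \000 are octal escapes (portable across sh/bash printf).
  printf 'MZ\220\000PADDING http://example.invalid/payload.bin URLDownloadToFileA cmd.exe /c start' \
    > samples/match.bin
  printf 'http://example.invalid/ URLDownloadToFileA cmd.exe /c' > samples/clean.txt
}

# -s prints each matching string with its offset, -r recurses into the
# directory. yara exits 0 when the scan ran, whether or not anything matched,
# and 1 on a rule compile error.
scan() {
  yara -s -r "$RULE_FILE" samples
}

write_rule
make_samples
if command -v yara >/dev/null 2>&1; then
  scan
else
  echo "yara is not installed; rule written to $RULE_FILE, samples in ./samples" >&2
fi
```

Only samples/match.bin is reported: samples/clean.txt contains all of the strings but fails the uint16(0) header check, which is the point of anchoring a rule on file structure and not on strings alone.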

Loki

  • python loki.py -h lists the available options
  • python loki.py -p . scans the current directory (-p sets the path to scan)

yarGen

  • https://github.com/Neo23x0/yarGen
  • generates YARA rules from strings found in malware samples, dropping every string that also appears in goodware files, which keeps the false-positive rate of the generated rules down
  • yarGen ships with a large goodware string database; python3 yarGen.py --update fetches the current version of it
  • python3 yarGen.py -m ./suspicious-files --excludegood -o /home/suspicious-file.yar generates rules for the files in ./suspicious-files and writes them to the given output file
  • --excludegood forces the exclusion of all goodware strings
  • copy the generated rule into Loki's signature directory so it is picked up on the next scan: cp suspicious-file.yar ~/tools/Loki/signature-base/yara
  • review the generated rule before deploying it: auto-generated strings can be generic and match legitimate software
  • yarAnalyzer, https://github.com/Neo23x0/yarAnalyzer/, is a companion tool that produces statistics on a YARA rule set and on which rules hit which files in a sample directory; it analyses existing rules rather than creating new ones

Valhalla

This post is licensed under CC BY 4.0 by the author.