Hunting Malware Using Yara presented at AppSecIndonesia2020 2020

by Lakshya Dubey,

Summary : As we are in the age of the computer, the complexity of computer threats has also increased. So it is necessary to identify the malware and hear come the Yara, it makes it possible for the malware researchers to hunt and classify malware and even APTs. Yara is the swiss-army knife that makes the work of malware researchers and threat intelligent researchers painless. It is the simple rule-based approach for hunting and classifies malware families/variants. Using Yara we can accurately detect malware threats. The capability of Yara can also extend to scan files and memory. The best part of Yara rules is that it provides both textual and binary patterns for creating an efficient signature for malware. The binary patterns help to hunt for hunting the code reuse among the malware families. Yara rules can last for decades. So Yara lubricates the process of hunting malware, The key to efficient YARA rules depends on simple and clear rule sets utilizing both.