Two open source tools to easily generate YARA rules

If you need to generate your own rules starting from recovered evidence

YARA is a tool aimed at helping malware researchers identify and classify malware samples.
Basically, you write signatures (essentially patterns, much like regular expressions) and YARA searches a binary file for them.

A really big repository of YARA rules is published on GitHub, at

https://github.com/Yara-Rules/rules

However, if you want to generate your own rules starting from recovered evidence, you can use these two open source tools:

yarGen

Written by Florian Roth, yarGen is a Python-based generator for YARA rules.

The main principle is the creation of YARA rules from strings found in malware files, while removing all strings that also appear in goodware files (so the resulting rule does not match on common library or runtime strings).

https://github.com/Neo23x0/yarGen
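To make that principle concrete, here is an added example (written for this post, not yarGen's own code) that extracts printable strings from a constructed "malware" buffer, subtracts every string also seen in constructed "goodware" buffers, and renders the survivors as a YARA rule. The sample bytes, the rule name and the `min_len`/`min_match` thresholds are all assumptions chosen for illustration.

```python
import re

# Constructed sample inputs (not real files): a "malware" buffer and two
# "goodware" buffers that share common PE/import strings with it.
MALWARE_SAMPLE = (b"MZ\x90\x00kernel32.dll\x00GetProcAddress\x00"
                  b"C:\\Temp\\dropper_stage2.exe\x00"
                  b"http://example.invalid/update\x00\x00\x01\x02")
GOODWARE_SAMPLES = [
    b"MZ\x90\x00kernel32.dll\x00GetProcAddress\x00"
    b"This program cannot be run in DOS mode.\x00",
    b"MZ\x90\x00user32.dll\x00MessageBoxW\x00",
]


def extract_strings(data: bytes, min_len: int = 6) -> set[str]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}


def unique_strings(malware: bytes, goodware: list[bytes], min_len: int = 6) -> list[str]:
    """Strings present in the malware sample but in none of the goodware samples."""
    good: set[str] = set()
    for sample in goodware:
        good |= extract_strings(sample, min_len)
    return sorted(extract_strings(malware, min_len) - good)


def _yara_escape(s: str) -> str:
    # YARA text strings use C-style escapes: backslash and double quote must be escaped.
    return s.replace("\\", "\\\\").replace('"', '\\"')


def build_rule(name: str, strings: list[str], min_match: int = 2) -> str:
    """Render a YARA rule whose condition requires min_match of the given strings."""
    lines = [f"rule {name}", "{", "    strings:"]
    for i, s in enumerate(strings):
        lines.append(f'        $s{i} = "{_yara_escape(s)}"')
    # If there are no more strings than the threshold, require all of them.
    condition = "all of them" if len(strings) <= min_match else f"{min_match} of them"
    lines += ["    condition:", f"        {condition}", "}"]
    return "\n".join(lines)


def generate_rule(name: str, malware: bytes, goodware: list[bytes]) -> str:
    return build_rule(name, unique_strings(malware, goodware))


if __name__ == "__main__":
    print(generate_rule("constructed_dropper_sample", MALWARE_SAMPLE, GOODWARE_SAMPLES))
```

The shared strings (`kernel32.dll`, `GetProcAddress`) are dropped, and only the two sample-specific strings reach the rule; yarGen applies the same idea against a much larger goodware string database.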

YaraGenerator

An experimental project to build a tool that attempts to allow quick, simple, and effective YARA rule creation, in order to isolate malware families and other malicious objects of interest.

https://github.com/Xen0ph0n/YaraGenerator

A web application version of the tool is also available:

https://yaragenerator.com/