If you need to generate your own rules starting from recovered evidence

YARA is a tool aimed at helping malware researchers identify and classify malware samples.
In short, you write signatures (essentially pattern-matching rules, much like regular expressions) and YARA scans binary files for them.

A really big repository of YARA rules is published on GitHub, at

https://github.com/Yara-Rules/rules

However, if you want to generate your own rules starting from recovered evidence, you can use these two open source tools:

yarGen

Written by Florian Roth, yarGen is a Python-based generator for YARA rules.

Its main principle is the creation of YARA rules from strings found in malware files, while removing all strings that also appear in goodware files.

https://github.com/Neo23x0/yarGen
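The yarGen principle in miniature, as an added example that is not yarGen's own code: extract printable strings from a set of malware samples, drop every string that also occurs in a goodware set, and render the survivors as a YARA rule. The sample byte strings and file names are constructed for the demonstration; yarGen itself reads whole directories and applies much richer scoring.

```python
import re
from collections import Counter

# Constructed sample contents (not real malware); yarGen reads files from directories instead.
MALWARE_SAMPLES = {
    "sample_a.bin": b"MZ\x90\x00kernel32.dll\x00CreateRemoteThread\x00http://c2.example/gate.php\x00\x01",
    "sample_b.bin": b"MZ\x90\x00kernel32.dll\x00CreateRemoteThread\x00http://c2.example/gate.php\x00bot_mutex_9z\x00",
}
GOODWARE_SAMPLES = {
    "notepad.exe": b"MZ\x90\x00kernel32.dll\x00GetProcAddress\x00",
    "calc.exe": b"MZ\x90\x00kernel32.dll\x00LoadLibraryA\x00",
}

def extract_strings(data: bytes, min_len: int = 6) -> set:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.group().decode("ascii") for m in re.finditer(pattern, data)}

def candidate_strings(malware: dict, goodware: dict, min_len: int = 6) -> Counter:
    """Strings from the malware set that never occur in goodware, counted by
    how many malware samples contain each one (the yarGen principle)."""
    good = set()
    for data in goodware.values():
        good |= extract_strings(data, min_len)
    counts = Counter()
    for data in malware.values():
        counts.update(extract_strings(data, min_len) - good)
    return counts

def build_rule(name: str, counts: Counter, total_samples: int, max_strings: int = 10) -> str:
    """Render a YARA rule: strings shared by every sample are required,
    the rest are optional and at least one of them must match."""
    ranked = [s for s, _ in counts.most_common(max_strings)]
    required = [s for s in ranked if counts[s] == total_samples]
    optional = [s for s in ranked if counts[s] < total_samples]
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')  # escape for YARA text strings
    lines = [f"rule {name} {{", "    strings:"]
    lines += [f'        $r{i} = "{esc(s)}"' for i, s in enumerate(required)]
    lines += [f'        $o{i} = "{esc(s)}"' for i, s in enumerate(optional)]
    conds = (["all of ($r*)"] if required else []) + (["1 of ($o*)"] if optional else [])
    # A rule with no usable strings should never match rather than fail to compile.
    lines += ["    condition:", "        " + (" and ".join(conds) or "false"), "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    counts = candidate_strings(MALWARE_SAMPLES, GOODWARE_SAMPLES)
    print(build_rule("constructed_family", counts, len(MALWARE_SAMPLES)))
```

Strings shared with goodware (here `kernel32.dll`) never reach the rule, which is what keeps the generated signature from firing on legitimate binaries.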

YaraGenerator

An experimental project to build a tool that allows quick, simple, and effective YARA rule creation to isolate malware families and other malicious objects of interest.

https://github.com/Xen0ph0n/YaraGenerator

A web application version of the tool is also available:

https://yaragenerator.com/