If you need to generate your own rules starting from recovered evidence

YARA is a tool aimed at helping malware researchers to identify and classify malware samples.

Basically, you write some antivirus-style signatures (essentially regular expressions) and YARA searches a binary file for them.

A really big repository of YARA rules is published on GitHub, at

However, if you want to generate your own rules starting from recovered evidence, you can use these two open source tools:

yarGen

Written by Florian Roth, yarGen is a Python-based generator for YARA rules.

The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files.
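The principle described above, as an added Python example that is not yarGen's own code and does not reproduce its implementation: it extracts ASCII and UTF-16LE strings from a sample, drops every string that also occurs in a goodware set, and renders the rest as a YARA rule. The sample bytes, the goodware bytes, the function names and the longest-first ordering are assumptions made for this illustration.

```python
import re

# Constructed inputs for illustration (not real malware or real goodware).
GOODWARE = [b"MZ\x90\x00This program cannot be run in DOS mode.\x00kernel32.dll\x00"]
SAMPLE = (GOODWARE[0] + b"demo_agent_build_7731\x00\x00"
          + "DemoUpdaterTask".encode("utf-16-le") + b"\x00\x00")

def extract_strings(data, min_len=6):
    """Map each printable string in data to the YARA modifiers it was seen as."""
    patterns = {
        "ascii": (rb"[\x20-\x7e]{%d,}" % min_len, "ascii"),
        "wide": (rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, "utf-16-le"),
    }
    found = {}
    for modifier, (pattern, codec) in patterns.items():
        for match in re.finditer(pattern, data):
            found.setdefault(match.group().decode(codec), set()).add(modifier)
    return found

def candidate_strings(sample, goodware, min_len=6):
    """Return the sample's strings that occur in none of the goodware blobs."""
    known_good = set()
    for blob in goodware:
        known_good.update(extract_strings(blob, min_len))
    found = extract_strings(sample, min_len)
    return {s: mods for s, mods in found.items() if s not in known_good}

def yara_escape(text):
    """Escape backslashes and double quotes for a YARA text string."""
    return text.replace("\\", "\\\\").replace('"', '\\"')

def build_rule(name, strings, max_strings=10):
    """Render a YARA rule; longest strings first is a crude stand-in for scoring."""
    chosen = sorted(strings, key=lambda s: (-len(s), s))[:max_strings]
    if not chosen:
        raise ValueError("no sample-specific strings left after goodware filtering")
    lines = ["rule " + name, "{", "    strings:"]
    for i, s in enumerate(chosen, 1):
        modifiers = " ".join(sorted(strings[s]))
        lines.append('        $s%d = "%s" %s' % (i, yara_escape(s), modifiers))
    lines += ["    condition:", "        all of them", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_rule("demo_sample", candidate_strings(SAMPLE, GOODWARE)))
```

The quality of the resulting rule depends on how representative the goodware set is: a string missing from it survives filtering even if it is common in legitimate software.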

YaraGenerator

An experimental project to build a tool that allows quick, simple, and effective YARA rule creation to isolate malware families and other malicious objects of interest.

A web application version of the tool is also available: