If you need to generate your own rules starting from recovered evidence
YARA is a tool aimed at helping malware researchers to identify and classify malware samples.
Basically, you describe what you are looking for in a rule made of strings (plain text strings, hex byte patterns with wildcards, or regular expressions) plus a boolean condition over them, and YARA scans files or process memory for matches. The condition is what keeps a rule precise: it can require several strings at once, check a file header or size, or combine rules.
A large repository of community YARA rules is published on GitHub, at
If you want to generate your own rules starting from recovered evidence, you can use these two open-source tools:
Written by Florian Roth, this is a Python-based generator for YARA rules.
The main principle is the creation of YARA rules from strings found in malware files while removing all strings that also appear in goodware files. The goodware set is what makes the output usable: compiler, runtime and library artefacts that look distinctive inside a handful of samples are common across benign software, and a rule built without subtracting them would fire on clean files.
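To make the principle concrete, the following is an added example (not yarGen's or any other project's own code) of a minimal string-difference rule generator in Python. It extracts printable ASCII and UTF-16LE ("wide") strings from sample files, drops every string also present in a goodware corpus, ranks the remainder by how many samples share it, and emits a YARA rule with an `uint16(0) == 0x5a4d` header check and an `N of them` condition. The sample and goodware blobs are constructed stand-ins for PE files, and `rule_matches` is a tiny evaluator that mirrors the generated condition so the rule can be sanity-checked without yara-python.

```python
import re

MIN_LEN = 6
# Printable ASCII runs, and the same characters interleaved with NUL (UTF-16LE).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def wide(text):
    """UTF-16LE encode with NUL padding on both sides (helper for the constructed data)."""
    return b"\x00\x00" + text.encode("utf-16le") + b"\x00\x00"


# Constructed stand-ins for PE files: a shared header/import area plus per-file strings.
COMMON = (b"MZ\x90\x00\x03\x00\x00\x00This program cannot be run in DOS mode.\r\n$\x00"
          b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00VirtualAlloc\x00")
GOODWARE = [
    COMMON + b"Microsoft (R) C/C++ Optimizing Compiler\x00notepad.exe\x00",
    COMMON + b"Copyright (c) Example Corp\x00calc.exe\x00" + wide("Global\\NotepadMutex"),
]
SAMPLES = [
    COMMON + b"C:\\build\\dropper\\Release\\dropper.pdb\x00"
    + b"http://c2.example.invalid/gate.php\x00" + wide("Global\\EvilMutex1337")
    + b"cmd.exe /c del /f /q %s\x00",
    COMMON + b"C:\\build\\dropper\\Release\\dropper.pdb\x00"
    + b"http://c2.example.invalid/gate.php\x00" + wide("Global\\EvilMutex1337")
    + b"Some random garbage 42\x00",
]


def extract_strings(data):
    """Return a set of (text, "ascii"|"wide") for printable runs of at least MIN_LEN chars."""
    found = {(m.group().decode("ascii"), "ascii") for m in ASCII_RE.finditer(data)}
    found |= {(m.group().decode("utf-16le"), "wide") for m in WIDE_RE.finditer(data)}
    return found


def select_strings(samples, goodware, max_strings=20):
    """Strings seen in samples minus strings seen in goodware, ranked by
    number of samples sharing them, then by length (longer is more specific)."""
    good = set().union(*(extract_strings(g) for g in goodware))
    counts = {}
    for blob in samples:
        for s in extract_strings(blob) - good:
            counts[s] = counts.get(s, 0) + 1
    ranked = sorted(counts, key=lambda s: (-counts[s], -len(s[0]), s[0]))
    return ranked[:max_strings]


def yara_escape(text):
    """Escape backslashes and quotes for a YARA text string literal."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def generate_rule(name, samples, goodware, min_match=3):
    """Emit YARA rule text; returns (rule_text, selected_strings, min_match)."""
    selected = select_strings(samples, goodware)
    min_match = min(min_match, len(selected))
    lines = [f"rule {name}", "{", "    meta:",
             '        description = "auto-generated from string diff (example)"',
             "    strings:"]
    for i, (text, kind) in enumerate(selected):
        lines.append(f'        $s{i} = "{yara_escape(text)}" {kind}')
    lines += ["    condition:",
              f"        uint16(0) == 0x5a4d and {min_match} of them", "}"]
    return "\n".join(lines), selected, min_match


def rule_matches(selected, min_match, data):
    """Mirror the generated condition on raw bytes (MZ magic and at least
    min_match of the strings present) so the rule can be checked offline."""
    hits = sum(1 for text, kind in selected
               if (text.encode("ascii") if kind == "ascii"
                   else text.encode("utf-16le")) in data)
    return data[:2] == b"MZ" and hits >= min_match


if __name__ == "__main__":
    text, selected, n = generate_rule("dropper_family", SAMPLES, GOODWARE)
    print(text)
    # The rule must hit every sample and no goodware file before it is worth keeping.
    assert all(rule_matches(selected, n, s) for s in SAMPLES)
    assert not any(rule_matches(selected, n, g) for g in GOODWARE)
```

Running it prints a rule whose strings are the PDB path, the C2 URL and the wide mutex name shared by both samples, followed by the two per-sample strings; the header strings and imports shared with the goodware blobs never appear. A production generator does more (scores strings by type and rarity against a large goodware database, caps rule size, adds `filesize` limits), but the subtract-then-rank loop above is the core of the approach, and the final check against a goodware set should always be repeated with a real YARA scan before a rule is deployed.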
An experimental project to build a tool that allows quick, simple and effective YARA rule creation to isolate malware families and other malicious objects of interest.
A web application version of the tool is also available: