Two open source tools to easily generate YARA rules

If you need to generate your own rules starting from recovered evidence

YARA is a tool that helps malware researchers identify and classify malware samples.
Basically, you write signatures (similar to antivirus signatures, essentially regular expressions) and YARA searches a binary file for them.

A very large repository of YARA rules is published on GitHub at:

https://github.com/Yara-Rules/rules

However, if you want to generate your own rules starting from recovered evidence, you can use these two open source tools:

yarGen

Written by Florian Roth, yarGen is a Python-based generator for YARA rules.

The main principle is the creation of YARA rules from strings found in malware files, while removing all strings that also appear in goodware files.

https://github.com/Neo23x0/yarGen
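The principle described above, as an added Python example (not yarGen's own code): extract printable strings from samples, drop any that also occur in goodware, and emit a rule from the rest. The sample bytes, the minimum string length, the function names and the choice to keep only strings common to all samples are assumptions of this example.

```python
import re

MIN_LEN = 6  # assumed minimum string length, not a yarGen setting

# Constructed byte strings standing in for two samples and one goodware file.
SAMPLE_A = b"\x00\x01MZ\x90\x00This program cannot be run in DOS mode\x00\x00cfg_beacon_interval=%d\x00kernel32.dll\x00\xffDEMO_MUTEX_7F3A\x00"
SAMPLE_B = b"\x7f\x02This program cannot be run in DOS mode\x00DEMO_MUTEX_7F3A\x00\x03cfg_beacon_interval=%d\x00user32.dll\x00only_in_b_string\x00"
GOODWARE = b"\x00This program cannot be run in DOS mode\x00kernel32.dll\x00user32.dll\x00"

def extract_strings(data, min_len=MIN_LEN):
    """Return the set of printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}

def candidate_strings(samples, goodware):
    """Strings present in every sample and absent from all goodware files."""
    if not samples:
        raise ValueError("at least one sample is required")
    common = set.intersection(*(extract_strings(s) for s in samples))
    known_good = set().union(*(extract_strings(g) for g in goodware))
    return sorted(common - known_good)

def yara_escape(s):
    """Escape backslashes and double quotes for a YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')

def build_rule(name, strings):
    """Render a YARA rule that requires every remaining string to match."""
    if not strings:
        raise ValueError("no unique strings left after goodware filtering")
    lines = ["rule " + name, "{", "    strings:"]
    lines += ['        $s%d = "%s" ascii' % (i, yara_escape(s))
              for i, s in enumerate(strings)]
    lines += ["    condition:", "        all of them", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    unique = candidate_strings([SAMPLE_A, SAMPLE_B], [GOODWARE])
    print(build_rule("Demo_Family", unique))
```

The DOS stub message and the DLL names are filtered out because they also occur in the goodware bytes, which is why the size and quality of the goodware set determines how many false positives a generated rule will produce.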

YaraGenerator

An experimental project to build a tool that allows quick, simple, and effective YARA rule creation to isolate malware families and other malicious objects of interest.

https://github.com/Xen0ph0n/YaraGenerator

A web application version of the tool is also available:

https://yaragenerator.com/
