- Introduction: explain what YARA, yarGen and Loki are.
- YARA is a pattern-matching tool used for malware detection.
- yarGen is an automated YARA rule generator. Its main principle is to create YARA rules from strings found in malware files while removing all strings that also appear in goodware files.
- Loki is a scanner that uses YARA rules to detect threats.

We have been given a file (named file2) for testing purposes.

- Test file2 with Loki

Initially, the file was not flagged as suspicious or malicious when scanned with Loki.

- Test your YARA rule against file2.
- Create a YARA rule with yarGen to test file2.
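
The yarGen principle from the introduction (keep the strings found in the malware file, drop those that also appear in goodware) is sketched below as an added Python example; it is not yarGen's own code and not part of the original write-up. The sample bytes, the goodware blob, the rule name, the minimum string length and the `all of them` condition are constructed assumptions, and the sample does not represent the contents of file2.

```python
import re

MIN_LEN = 6  # assumption: shorter strings are rarely distinctive enough for a rule

def extract_strings(data, min_len=MIN_LEN):
    """Return the set of printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}

def yara_escape(s):
    """Escape backslashes and double quotes for a YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')

def build_rule(name, sample, goodware, max_strings=10):
    """Emit a YARA rule from sample strings that appear in no goodware file."""
    known_good = set()
    for blob in goodware:
        known_good |= extract_strings(blob)
    # Goodware filtering: this subtraction is the core of the principle.
    candidates = extract_strings(sample) - known_good
    # Prefer longer strings (simplified stand-in for a real scoring step).
    unique = sorted(candidates, key=lambda s: (-len(s), s))[:max_strings]
    if not unique:
        raise ValueError("no strings left after goodware filtering")
    lines = ["rule " + name, "{", "    strings:"]
    lines += ['        $s%d = "%s" ascii' % (i, yara_escape(s))
              for i, s in enumerate(unique)]
    lines += ["    condition:", "        all of them", "}"]
    return "\n".join(lines)

# Constructed inputs: a fake "malware" blob and one fake "goodware" blob.
SAMPLE = (b"\x00\x01This program cannot be run in DOS mode\x00\x90kernel32.dll"
          b"\x00C:\\Users\\demo\\dropper_stage2.pdb\x00\xffupdate-check-beacon\x00")
GOODWARE = [b"MZ\x00This program cannot be run in DOS mode\x00kernel32.dll"
            b"\x00user32.dll\x00"]

if __name__ == "__main__":
    print(build_rule("constructed_sample_demo", SAMPLE, GOODWARE))
```

The DOS stub message and `kernel32.dll` are dropped because they also occur in the goodware blob, so only the two sample-specific strings reach the rule.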