In the post about finding information about malware samples in open sources, I briefly mentioned the use of YARA rules and described the basics of using them in the context of HybridAnalysis. However, this tool is important and universal in the work of a CTI analyst, incident responder or threat hunter, that it is definitely worth devoting a separate [...]
Tag: yara
Hunting for implants - OSINT malware analysis
I started to write a post about malware analysis in the context of OSINT and threat intelligence for a long time. It is one of the most widely used sources of information and a common goal of analyst research, but at the same time a technically complex issue. If we are talking about advanced static analysis (of the file itself) and dynamic (observing the behavior of the file after running), it is [...]