Writing & Publishing a Malware Analysis Report

ReportTemplate.docx

• executive summary
• technical summary use pictures / diagrams
• use description and screenshots

Detecting Malware with YARA

yara32 rules.yara malware.malz -w -p 32

• -p number of processes
• -w suppress warnings
• -s indicated the triggered strings
• replace malware.malz by any directory to scan its entirety
• -r recursive (for instance in the entire system)

show the triggered rules

Writing YARA Rules

https://github.com/mattnotmax/DFIR-notes/blob/master/cheatsheet_yara.md

https://medium.com/@nidhi.trivedi/yara-cheat-sheet-585eae339e63

identify unique things

• example

  

give context