100 Days of YARA – Day 19: Identifying Golang Binaries

On January 7, 2022December 31, 2021 By DanielIn 100 days of Yara

Golang is a popular choice for malware authors due to ease of development, not requiring dependencies, and robust standard library. If your organization does not use golang applications, this may be a good thing to scan for.

rule golang
{
	meta:
		description = "Golang"

	strings:
		$s1 = "Go build"
		$s2 = "go.build"
		$go = "/go-"

	condition:
		any of ($s*) or #go > 10
}

YARA Rules Index

One thought on “100 Days of YARA – Day 19: Identifying Golang Binaries”

Pingback: Week 02 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

One thought on “100 Days of YARA – Day 19: Identifying Golang Binaries”

Leave a Reply Cancel reply