100 Days of YARA – Day 19: Identifying Golang Binaries

Golang is a popular choice for malware authors due to ease of development, not requiring dependencies, and robust standard library. If your organization does not use golang applications, this may be a good thing to scan for.

rule golang
{
	meta:
		description = "Golang"

	strings:
		$s1 = "Go build"
		$s2 = "go.build"
		$go = "/go-"

	condition:
		any of ($s*) or #go > 10
}

YARA Rules Index

One thought on “100 Days of YARA – Day 19: Identifying Golang Binaries

  1. Pingback: Week 02 – 2022 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s