100 Days of YARA – Day 54: Golang protobufs

On February 11, 2022December 31, 2021 By DanielIn 100 days of Yara

Protocol buffers, while not inherently malicious, is often used by malware because it makes implementing C2 protocols easy.

https://developers.google.com/protocol-buffers

rule golang_protobuf
{
	meta:
		description = "Golang binary with Google protobuf package"

	strings:
		$ = "google.golang.org/protobuf"

	condition:
		all of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 54: Golang protobufs”

Pingback: Week 07 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

One thought on “100 Days of YARA – Day 54: Golang protobufs”

Leave a Reply Cancel reply