Intelligence-Driven Incident Response with YARA

Given the current cyber threat landscape, organizations are now beginning to acknowledge the inexorable law that decrees that they will be compromised. Threat actors’ tactics, techniques, and procedures demand intelligence-driven incident response, which in turn, depend upon methodologies capable of yielding actionable threat intelligence in order to adapt to each threat. The process to develop such intelligence is already in motion, heavily relying on behavioral analysis, and has given birth to cyber threat indicators as a means of fingerprinting and thus identifying new and unknown threats. This paper will focus on YARA, a malware identification and classification tool used as a scan engine, whose features will be explored in order to deploy indicators at the endpoint. Intelligence-Driven Incident Response with YARA! 2 Ricardo Dias;[email protected] “It is even better to act quickly and err than to hesitate until the time of action is past.” Carl von Clausewitz: On War, 1832