Why is malware identification important?
How can malware identification help us in our analysis of the malware?
What is an IOC (Indicator of Compromise)?
An indicator of compromise (IOC) is a characteristic artefact, known a priori, of attacks or of malware samples / families.
IOCs can be used for detection and identification purposes.
Name some host based IOCs (Indicator of Compromise)
Host based IOCs
Name some network based IOCs.
Network based IOCs
What is Yara?
Yara is a language to check for IOCs
How difficult is it for an attacker to change the IOCs of following components:
What is an advantage of Yara rules and for what purposes can they be used?
In contrast to AV engine rules, Yara rules can be written and shared by anybody, which allows security teams to act independently of vendors.
Yara rules can be used in different places of an organization's detection / security technologies: