Hi all,
Thank you for your wonderful work. I am trying to use VxSig to generate AV signatures for a few malware families, where each family consists of multiple binaries (>2).
If I understand correctly, VxSig takes a pair of binaries as input, locating the common parts, and finally generate YARA rules to represent them.
Now how to generate signatures for a pair of binaries is clear. However, I am still confused about how to use VxSig to generate YARA rules for a set of binaries (more than two binaries). Actually I have some initial ideas, but I am not sure.
Could you give me some suggestions, or, what is the best practice of dealing with more than two binaries?
Much thanks in advance!
Hi all,
Thank you for your wonderful work. I am trying to use VxSig to generate AV signatures for a few malware families, where each family consists of multiple binaries (>2).
If I understand correctly, VxSig takes a pair of binaries as input, locating the common parts, and finally generate YARA rules to represent them.
Now how to generate signatures for a pair of binaries is clear. However, I am still confused about how to use VxSig to generate YARA rules for a set of binaries (more than two binaries). Actually I have some initial ideas, but I am not sure.
Could you give me some suggestions, or, what is the best practice of dealing with more than two binaries?
Much thanks in advance!