Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of compromise, or building detection rules for threat intelligence.
インストール
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of compromise, or building detection rules for threat intelligence.
allowed-tools
["Bash","Read","Write","Glob","Grep"]
YARA Rule Authoring
When to Use
Writing YARA rules to detect malware samples or families
Creating detection signatures for indicators of compromise (IOCs)
Scanning files or directories for known threat patterns
Building threat hunting rules from intelligence reports
Classifying unknown samples based on behavioral or structural patterns
condition:
all of them // All strings match
any of ($a*) // Any string starting with $a
2 of ($s1, $s2, $s3) // At least 2 of listed strings
#s1 > 3 // String $s1 appears more than 3 times
@s1 < 0x100 // String $s1 found before offset 0x100
filesize < 1MB // File size constraint
uint16(0) == 0x5A4D // Magic bytes at offset