'Yara one rule against multiple files
I'm using Yara to detect multiple strings in multiple files for example:
File A : toto
File B : titi
Both file are in a directory repo
Yara rule (test.yar) :
rule test
{
strings:
$ = "toto"
$ = "titi"
condition:
all of them
}
And i run the commnand line :
yara test.yar -r repo/
But this rule will never match.
How can i do ?
PS : I can't merge the two file into one.
Thanks.
Solution 1:[1]
The condition field is set to all of them which means that the files will match, only if they have the string toto AND the string titi.
Based on your question, you are looking for the condition any of them, which will match if titi OR toto is in the file.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Caroline |