For some time, I have been using a YARA rule for Gootloader zips, to hunt for additional samples on VirusTotal. But I have never seen one for the .JS file inside of the .zip. I have never created a YARA rule before, and set out to figure it out. Perfect timing as a new video […]
