plaintext
8 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
rule SuspiciousDownloader {
strings:
$a = "powershell -enc" nocase
$b = "Invoke-WebRequest" nocase
$c = "http://" nocase
condition:
2 of them
}
1 file · plaintext
Explain with highlit
YARA is useful when you need lightweight pattern matching across files during incident response or malware triage. I keep rules specific and review false positives often. Overbroad rules create noise fast, which is the enemy during an active investigation.
Share this code
Here's the card — post it anywhere.