🔥 3-day streak
Professional Security Operations Engineer183 / 241
Question 183 of 241

During a proactive hunt in Google SecOps, a threat hunter forms the hypothesis that adversaries are executing malicious binaries that spoof legitimate vendor names to evade casual review. The hunter wants a YARA-L rule that surfaces executables where the digital signature verification status indicates the binary is unsigned or has an invalid signature, yet the file metadata claims to originate from a well-known trusted software publisher. Which YARA-L detection approach best supports this hypothesis?

Reviewed for accuracy · Report an issueNext question