@@ 0,0 1,18 @@
+# Malware analisys with curious butterfly
+
+## How does it work
+
+The idea is taking advantage of Raku grammars to look for structures that statically looks like malware (similar to a YARA, with conditions and regex of strings, libraries and structures in the reversing). Since the tool is based on raku, it needs rakudo to work:
+
+```
+apt install rakudo
+```
+
+Which is the raku compiler. The main script is cubu:
+
+```
+chmod u+x cubu
+./cubu
+```
+
+A pop up will appear. The example provided is Sparkling Goblin, a threat actor. The `.raku` script is based on strings inside malware samples of Sparkling Goblin. If entered the folder (`samples` in this case) and the threat name (`sparkling_goblin` in this case), a file would be generated with coincidences found, and written in a file which name that looks like `results_<threat name>` in this case `results_sparkling_goblin`.