https://www.jaiminton.com/cheatsheet/DFIR/#
sudo apt-get install -y yara
Use this script to download and merge all the yara malware rules from github: https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9
Create the rules directory and execute it. This will create a file called malware_rules.yar which contains all the yara rules for malware.
wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py
mkdir rules
python malware_yara_rules.py
yara -w malware_rules.yar image #Scan 1 file
yara -w malware_rules.yar folder #Scan hole fodler
sudo apt-get install -y clamav
sudo freshclam #Update rules
clamscan filepath #Scan 1 file
clamscan folderpath #Scan the hole folder
Tools like rkhunter can be used to check the filesystem for possible rootkits and malware.
sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress]
PEpper checks some basic stuff inside the executable (binary data, entropy, URLs and IPs, some yara rules).