The APT1.yar YARA rule was created to detect attacks and malware from the Chinese threat actor group “Unit 61398”.
Unit 61398 is part of the PLA (People’s Liberation Army) and is also known as the threat actor group “Comment Crew”, because their attacks use a method that lets them communicate command-and-control data via HTML comments.
Download the APT1 YARA rule directly.
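As an added illustration (not code from this page or from the APT1.yar rule itself), a small Python detector built on the idea behind the “Comment Crew” name: pull every HTML comment out of a fetched page and flag any whose entire body is a base64-looking token, the kind of place command-and-control data can hide in otherwise benign markup. It assumes the hidden data is base64-encoded (an assumption here, not something the page states), and the sample page and payload are constructed.

```python
import base64
import re
from dataclasses import dataclass

# Constructed sample page (not a real APT1 artifact): one ordinary comment
# and one comment carrying a base64-encoded blob standing in for C2 data.
SAMPLE_HTML = """<html><head><title>News</title></head>
<body>
<!-- main navigation -->
<p>Welcome back.</p>
<!-- """ + base64.b64encode(b"cmd=sleep 3600;beacon=on").decode() + """ -->
</body></html>"""

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# A single base64 token: base64 alphabet only, at least 16 chars, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


@dataclass
class Finding:
    comment: str   # raw comment body as found in the page
    decoded: bytes # what it decodes to, for an analyst to inspect


def looks_like_base64(text: str) -> bool:
    """Charset, length and padding check followed by a strict decode.
    Short comments and anything containing spaces or punctuation are
    rejected; this is a heuristic, so review hits rather than auto-block."""
    if not B64_RE.match(text) or len(text) % 4 != 0:
        return False
    try:
        base64.b64decode(text, validate=True)
    except ValueError:
        return False
    return True


def find_comment_payloads(html: str) -> list[Finding]:
    """Return every HTML comment whose whole body is a base64-looking token."""
    findings = []
    for match in COMMENT_RE.finditer(html):
        body = match.group(1).strip()
        if looks_like_base64(body):
            findings.append(Finding(body, base64.b64decode(body)))
    return findings


if __name__ == "__main__":
    for hit in find_comment_payloads(SAMPLE_HTML):
        print(f"suspicious comment: {hit.comment!r} -> {hit.decoded!r}")
```

The same pattern expressed as a YARA regex over the comment body is one way to turn this heuristic into a rule for scanning captured responses.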
Environments where you can find YARA rules
Environments where you can learn how to work with YARA and how to create YARA rules