YARA

YARA is the name of a tool primarily used in malware research and detection.

It provides a rule-based approach to create descriptions of malware families based on textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a boolean expression.[1] The language used has traits of Perl compatible regular expressions.[2][3]

History

YARA was originally developed by Victor Alvarez of VirusTotal. The name is either an abbreviation of YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym.[4]

Design

YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

References

https://yara.readthedocs.io/en/v3.5.0/index.html
"Signature-Based Detection With YARA". Retrieved 28 Nov 2016.
"Remove Duplicate Yara Rules with PowerShell Regular Expressions". Retrieved 28 Nov 2016.
Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an ancronym for: YARA: Another Recursive Ancronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

External links

yara on GitHub
Yararules.com A repository of YARA rules
YaraEditor An IDE for writing YARA rules

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] ttps://yara.readthedocs.io/en/v3.5.0/index.html

[2] "Signature-Based Detection With YARA". Retrieved 28 Nov 2016.

[3] "Remove Duplicate Yara Rules with PowerShell Regular Expressions". Retrieved 28 Nov 2016.

[4] Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an ancronym for: YARA: Another Recursive Ancronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.