YARA
YARA is a tool primarily used in malware research and detection.
It provides a rule-based approach to creating descriptions of malware families based on textual or binary patterns. A description is essentially a named YARA rule, where each rule consists of a set of strings and a boolean expression that decides when the rule matches.[1] The language used has traits of Perl compatible regular expressions.[2][3]
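To make the "set of strings plus a boolean expression" structure concrete, here is an added Python example (not YARA's own code and not from the article) that scans a byte buffer with a constructed miniature rule: it compiles the three YARA string kinds (hex bytes, PCRE-like regex, quoted text) and evaluates the condition with a small recursive-descent evaluator. It covers only a subset of YARA's syntax (no string modifiers, counts, offsets or modules); the rule name and the sample buffers are assumptions.

```python
import re
# Constructed minimal YARA-style rule (example only): named strings plus a condition.
RULE = r'''rule suspicious_dropper {
    strings:
        $mz  = { 4D 5A }
        $url = /https?:\/\/[a-z0-9.-]+\/[a-z]+\.exe/
        $cmd = "cmd.exe /c"
    condition:
        $mz and ($url or $cmd)
}'''

def compile_string(body):
    """Turn one YARA string body ({ hex }, /regex/ or "text") into a bytes regex."""
    if body.startswith('{'):                    # hex string, e.g. { 4D 5A }
        return re.escape(bytes.fromhex(body.strip('{} ').replace(' ', '')))
    if body.startswith('/'):                    # regex string (PCRE-like syntax)
        return body[1:body.rindex('/')].encode()
    return re.escape(body.strip('"').encode())  # quoted text string

def evaluate(condition, matched):
    """Evaluate $id / not / and / or / parentheses (precedence: not > and > or)."""
    toks = re.findall(r'\$\w+|\(|\)|\w+', condition)
    def atom():
        t = toks.pop(0)
        if t == '(':
            v = expr(); toks.pop(0)             # pop the closing ')'
            return v
        return not atom() if t == 'not' else t in matched
    def conj():
        v = atom()
        while toks and toks[0] == 'and':
            toks.pop(0); v = atom() and v       # always consume the operand
        return v
    def expr():
        v = conj()
        while toks and toks[0] == 'or':
            toks.pop(0); v = conj() or v
        return v
    return expr()

def scan(rule_text, data):
    """Return (rule name, sorted matched strings) if the rule fires, else None."""
    name = re.search(r'rule\s+(\w+)', rule_text).group(1)
    strings, condition = rule_text.split("strings:")[1].split("condition:")
    matched = {n for n, b in re.findall(r'(\$\w+)\s*=\s*(.+)', strings)
               if re.search(compile_string(b.strip()), data)}
    return (name, sorted(matched)) if evaluate(condition.split("}")[0], matched) else None
# Constructed sample buffer (not real malware): DOS header bytes plus payload text.
DROPPER = b"MZ\x90\x00" + b"\x00" * 16 + b"GET http://example.test/update.exe"
```

`scan(RULE, DROPPER)` returns `('suspicious_dropper', ['$mz', '$url'])`; a buffer that only contains the `cmd.exe /c` text does not fire because the condition also requires the `MZ` header.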
Description
YARA was originally developed by Victor Alvarez of VirusTotal. The name is either an abbreviation of "YARA: Another Recursive Acronym" or of "Yet Another Ridiculous Acronym".[4] By default, YARA comes with modules for PE and ELF analysis, as well as support for the open-source Cuckoo sandbox.
External links
- Yara page on GitHub
- Yararules.com, a repository of YARA rules
- YARA: An Introduction
References
- YARA documentation (v3.5.0): http://yara.readthedocs.io/en/v3.5.0/index.html
- "Signature-Based Detection With YARA". Retrieved 28 Nov 2016.
- "Remove Duplicate Yara Rules with PowerShell Regular Expressions". Retrieved 28 Nov 2016.
- https://twitter.com/plusvic/status/778983467627479040
This article is issued from Wikipedia, version of 11/28/2016. The text is available under the Creative Commons Attribution/Share Alike license, but additional terms may apply for the media files.