YARA

From Wikipedia, the free encyclopedia

YARA is the name of a tool primarily used in malware research and detection.

It provides a rule-based approach to creating descriptions of malware families based on textual or binary patterns. Each description is a YARA rule: a named set of strings together with a boolean expression (the condition) that decides whether the rule matches.[1] The pattern language has traits of Perl compatible regular expressions.[2][3]

History

YARA was originally developed by Victor Alvarez of VirusTotal, and released on GitHub in 2013.[4] The name is either an abbreviation of YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym.[5]

Design

YARA ships by default with modules for analysing PE and ELF files, as well as support for the open-source Cuckoo sandbox.
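The rule structure described above (named rule, a set of strings, a boolean condition) and the PE module mentioned in this section, shown as an added example rule that is not part of the original article or of the YARA project; the family name, the strings and the byte pattern are constructed for illustration, not taken from any real sample:

```yara
import "pe"

// Hypothetical detection rule: every string and byte sequence below is
// constructed for this example and does not describe a real malware family.
rule Example_Hypothetical_Beacon
{
    meta:
        description = "Constructed example showing the three rule sections"
        author      = "added example, not from the YARA project"

    strings:
        // Text strings; 'ascii wide' matches both 8-bit and UTF-16 encodings.
        $s1 = "HypotheticalBeacon/1.0" ascii wide
        $s2 = "example-beacon-mutex" nocase
        // Hex string with a wildcard byte (??) so one byte may vary.
        $h1 = { 6A 40 68 00 30 00 00 6A ?? 6A 00 }
        // Perl-compatible regular expression for a constructed check-in URL.
        $re1 = /https?:\/\/[a-z0-9.\-]+\/example-gate\.php/ nocase

    condition:
        // Sanity checks on the file before evaluating the patterns:
        // 'MZ' header, size limit, and a PE-module import lookup.
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        pe.imports("wininet.dll", "InternetOpenA") and
        // Match when two of the text strings are present, or when the
        // byte pattern and the URL regex both appear.
        (2 of ($s*) or ($h1 and $re1))
}
```

Run it with `yara Example_Hypothetical_Beacon.yar <file-or-directory>`; a matching file prints the rule name followed by the path.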

References

  1. "Welcome to YARA's documentation! — yara 4.1.0 documentation". yara.readthedocs.io. Retrieved 2021-05-17.
  2. "Signature-Based Detection With YARA". 24 June 2015. Retrieved 28 November 2016.
  3. "Remove Duplicate Yara Rules with PowerShell Regular Expressions". Retrieved 28 November 2016.
  4. "Release v1.7.1". GitHub.
  5. Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet). Via Twitter.
