YARA

YARA is the name of a tool primarily used in malware research and detection.

It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a boolean expression.^[1]

History

YARA was originally developed by Victor Alvarez of VirusTotal, and released on GitHub in 2013.^[2] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.^[3]

Design

YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

References

↑ "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.
↑ "Release v1.7.1". GitHub.
↑ Victor M. Alvarez [@plusvic] (September 22, 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

External links

yara on GitHub
YARA documentation

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.

[2] "Release v1.7.1". GitHub.

[3] Victor M. Alvarez [@plusvic] (September 22, 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

[1]

[2]

[3]

History

Design

See also

References

External links