YARA
From HandWiki
Short description: Rule-based malware analysis tool
YARA is the name of a tool primarily used in malware research and detection.
It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a boolean expression.[1]
History
YARA was originally developed by Victor Alvarez of VirusTotal, and released on GitHub in 2013.[2] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.[3]
Design
YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.
See also
References
- ↑ "Welcome to YARA's documentation!". https://yara.readthedocs.io/en/latest/index.html.
- ↑ "Release v1.7.1". https://github.com/VirusTotal/yara/releases/tag/v1.7.1.
- ↑ Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice.". https://twitter.com/plusvic/status/778983467627479040.
External links
Original source: https://en.wikipedia.org/wiki/YARA.
Read more |