YARA

YARA
Designed by	Victor Alvarez
First appeared	2013
Stable release	4.5.2 / 10 September 2024; 52 days ago
Filename extensions	.yara
Website	virustotal.github.io/yara

YARA is a tool primarily used in malware research and detection.

It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a Boolean expression.^[2]

History

YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013.^[3] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.^[4]

Design

YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

References

^ "Release 4.5.2". 10 September 2024. Retrieved 26 September 2024.
^ "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.
^ "Release v1.7.1". GitHub.
^ Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

External links

yara on GitHub
YARA documentation

This malware-related article is a stub. You can help Wikipedia by expanding it.

[wikidata-b310076f75d82fbb9a2d277f290b80fe55c625dd-v18-1] "Release 4.5.2". 10 September 2024. Retrieved 26 September 2024.

[2] "Welcome to YARA's documentation!". yara.readthedocs.io. Retrieved 2023-09-18.

[3] "Release v1.7.1". GitHub.

[4] Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.

[1]

[2]

[3]

[4]

YARA

History

Design

See also

References

External links

€4.95