YARA is the name of a tool primarily used in malware research and detection. It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name; these rules consist of sets of strings and a boolean expression.
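As an added example (not taken from the article or from the YARA project), a rule of the shape described above: a set of textual, hex and regular-expression strings combined by a boolean condition, here also using the PE module mentioned under Design. The rule name, metadata and every string value are constructed for illustration and do not describe a real malware family.

```yara
import "pe"

rule Example_Family_Illustrative
{
    meta:
        description = "Constructed example rule; not a real family signature"
        author      = "added example"

    strings:
        // textual patterns: ASCII and UTF-16 (wide) forms of an API name,
        // and a case-insensitive command string
        $text1 = "CreateRemoteThread" ascii wide
        $text2 = "cmd.exe /c " nocase

        // binary pattern: MZ header bytes with wildcards (??) for bytes
        // that vary between samples
        $hex1  = { 4D 5A 90 00 ?? ?? ?? ?? 00 00 00 00 }

        // regular-expression pattern for a URL shape (constructed)
        $re1   = /https?:\/\/[a-z0-9.-]+\/[a-z]{4,8}\.php/ nocase

    condition:
        // cheap structural checks first: MZ magic, size bound, PE sections
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        pe.number_of_sections > 2 and
        // the hex pattern must sit at file offset 0
        $hex1 at 0 and
        // and at least two of the remaining patterns must appear
        2 of ($text*, $re1)
}
```

Run it against a directory of samples with `yara -r rules.yar samples/`; only files satisfying the whole boolean condition are reported.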
History
YARA was originally developed by Victor Alvarez of VirusTotal, and released on GitHub in 2013. The name is either an abbreviation of YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym.
Design
YARA by default comes with modules for PE and ELF file analysis, as well as support for the open-source Cuckoo sandbox.
See also
* Sigma
* Snort
External links
* YARA documentation