YARA

Description

YARA is a tool for identifying and classifying malware samples by creating rules based on textual or binary patterns. Used by malware researchers, incident responders, and threat intelligence analysts, it allows writing descriptions of malware families using boolean expressions and wildcard patterns.

Use Cases

• Create pattern-matching rules to identify malware families
• Scan files and memory for indicators of compromise
• Classify and categorize malware samples in threat intelligence workflows

Attack Phases

MITRE ATT&CK Techniques (2)