YARA

YARA is a tool primarily used in malware research and detection.

It provides a rule-based approach to create descriptions of malware families based on regular expression, textual or binary patterns. A description is essentially a YARA rule name, where these rules consist of sets of strings and a Boolean expression.^[1]

History

YARA was originally developed by Victor Alvarez of VirusTotal and released on GitHub in 2013.^[2] The name is an abbreviation of YARA: Another Recursive Acronym or Yet Another Ridiculous Acronym.^[3] In 2024, Alvarez announced that YARA would be superseded by a rewrite called YARA-X, written in Rust.^[4] A first stable version of YARA-X was released in June 2025, marking the passage of the original YARA into maintenance mode.^[5]

Design

YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.

References

External links

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/YARA. Read more

[1] "Welcome to YARA's documentation!". https://yara.readthedocs.io/en/latest/index.html.

[2] "Release v1.7.1". https://github.com/VirusTotal/yara/releases/tag/v1.7.1.

[3] Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice.". https://twitter.com/plusvic/status/778983467627479040.

[4] ttps://virustotal.github.io/yara-x/blog/yara-is-dead-long-live-yara-x/

[5] ttps://virustotal.github.io/yara-x/blog/yara-x-is-stable/

[1]

[2]

[3]

[4]

[5]

YARA

Contents

History

Design

See also

References

External links