YARA
Forensics malware-detection
Open Source
Malware identification and classification tool
Platforms:
linux windows macos
Prerequisites:
malware-basics regex
Pros and Cons
Advantages
- Standard for pattern-based IOCs
- Very expressive rules
- Integration with other tools
- Open-source
- Active rules community
Disadvantages
- Requires malware knowledge
- Pattern-based only
- Cannot detect new malware without rules
Use Cases
- Malware classification
- Threat hunting
- Incident response
- IOC sharing