Home | README.md | Portfolio | ← | →

Reading What Are YARA Rules?

Threat Hunting using YARA

What is the main goal of Threat Hunting and how is it different from traditional threat monitoring?

• Traditional threat hunting is not specific in the meters and monitors used, Yara takes the history of attacks and targets monitoring activity that is most likely to be a threat

What are the four types of YARA rules and what does each one of them use to identify and classify malicious software?

String-based rules: These rules use strings of text, either as literal values or as regular expressions, to identify malware. For example, you might use a string-based rule to detect malware that contains a specific string of characters in its code. File metadata-based rules: These rules use metadata about the files being analyzed to identify malware. For example, you might use a file metadata-based rule to detect a particular file type or to identify files that have been created or modified within a specific time period. Hash-based rules: These rules use cryptographic hashes to identify malware. A cryptographic hash is a unique representation of the contents of a file, and if any part of the file changes, the hash will also change. Hash-based rules can be used to detect malware that has been modified or disguised in an attempt to evade detection. Network-based rules: These rules use network traffic data, such as IP addresses or ports, to identify malware. For example, you might use a network-based rule to detect malware that is communicating with a specific IP address or port.

How are YARA rules similar to how Anti-Virus programs detect malicious software?

• The both have preset indicators to look out for

Bookmark and Review

YARA Rules GitHub Project This project covers the need of a group of IT Security Researchers to have a single repository where different Yara signatures are compiled, classified and kept as up to date as possible, and began as an open source community for collecting Yara rules.