
Glossary

YARA

A pattern-matching tool and rule language used to identify and classify malware samples based on textual or binary signatures.

YARA is an open-source tool and rule language that lets analysts describe malware families or suspicious code patterns as sets of string and byte conditions. A YARA rule matches a file or memory region if the defined strings and logical conditions are satisfied. Rules can match against raw bytes, ASCII/Unicode strings, regular expressions, and file-format metadata. YARA is used in static analysis pipelines, antivirus engines, and threat-intelligence platforms to quickly classify large numbers of samples. High-entropy sections, known packer stubs, and C2 URL patterns are common rule triggers.
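The rule below is an added example, not part of the original glossary entry, showing how the string types and conditions described above combine in one rule. The rule name, the mutex string and the URL path are constructed for illustration and are not real indicators; the hex pattern is the instruction shape of a 32-bit UPX entry stub.

```yara
import "pe"
import "math"

rule Example_Packed_Downloader_Constructed
{
    meta:
        description = "Teaching rule: packer evidence plus a network or mutex string"
        note        = "All string values are constructed placeholders"

    strings:
        // Plain text strings; 'wide' also matches the UTF-16LE form.
        $upx0  = "UPX0" ascii
        $upx1  = "UPX1" ascii
        $mutex = "Global\\ExampleMutex" ascii wide

        // Hex string with wildcards:
        // pushad; mov esi, imm32; lea edi, [esi+disp32]
        $stub = { 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? }

        // Regular expression for a constructed C2-style URL pattern.
        $url = /https?:\/\/[a-z0-9.\-]{4,64}\/c2-example\/checkin/ nocase ascii wide

    condition:
        // File-format checks: MZ header and a size bound to limit scan cost.
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        (
            // Packer evidence: stub at the entry point, UPX section names,
            // or any non-empty section with high entropy.
            $stub at pe.entry_point or
            all of ($upx*) or
            for any i in (0 .. pe.number_of_sections - 1) : (
                pe.sections[i].raw_data_size > 0 and
                math.entropy(pe.sections[i].raw_data_offset,
                             pe.sections[i].raw_data_size) >= 7.0
            )
        ) and
        // Require a second, independent signal to reduce false positives,
        // since packing alone is common in legitimate software.
        any of ($url, $mutex)
}
```

Saved as a `.yar` file, the rule can be run against a sample directory with `yara -r rule.yar samples/`.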