August 9, 2022

TheCyberThrone

Thinking Security ! Always

YARAify – Biggest YARA rules repository

Security researchers have launched a new hub for scanning and hunting files, dubbed YARAify. The defensive tool is designed to scan suspicious files against a large repository of YARA rules.

YARA is an open-source pattern-matching tool that lets anyone write their own rules to detect malicious or suspicious files. According to the researchers, YARAify was created to make YARA rules easier to handle; they described the rules as powerful but difficult to manage.


YARAify can scan files using public YARA rules and integrate both public and non-public YARA rules. Researchers can also scan files with open-source and commercial ClamAV signatures, set up hunting rules that match on both YARA rules and ClamAV signatures, and link YARAify to other tools via its API.

YARA rules can be used to “allow a net to be cast wide and then gradually refined” during threat hunting, as researchers home in on particular malware strains. YARA rules are powerful because they can describe not just the content of an executable but also its behavior, which helps researchers track malware families even as they adapt.
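To make the "cast wide, then refine" workflow concrete, here is an added example that is not part of the original post and is not YARA or YARAify code: a small Python emulation of how a YARA rule matches file content. It parses a subset of YARA syntax (text strings, hex strings, and conditions built from `$identifiers`, `and`/`or`/`not`, `N|any|all of them`, and `filesize`), then runs a broad hunting rule and a refined family rule over constructed sample byte strings. The rule names, string values and sample "files" are all constructed placeholders, not real indicators.

```python
import re

# Constructed example rules in a subset of YARA syntax. They are not rules from
# YARAify, and the strings are placeholders rather than real indicators.
BROAD_RULE = r"""
rule broad_net {
    strings:
        $mz  = { 4D 5A }
        $url = "http://"
        $ps  = "powershell"
    condition:
        $mz and ($url or $ps)
}
"""
REFINED_RULE = r"""
rule refined_family {
    strings:
        $mz    = { 4D 5A }
        $c2    = "http://example.invalid/gate.php"
        $mutex = "constructed-mutex-name"
    condition:
        all of them and filesize < 200000
}
"""
# Constructed sample "files" (byte strings), not real malware.
SAMPLES = {
    "dropper.exe": b"MZ" + b"\x90" * 64 + b"http://example.invalid/gate.php" + b"constructed-mutex-name",
    "updater.exe": b"MZ" + b"\x00" * 32 + b"http://example.invalid/update",
    "notes.txt": b"Just a text file that mentions powershell",
}

STRING_DEF = re.compile(r'(\$\w+)\s*=\s*(?:"([^"]*)"|\{([0-9A-Fa-f\s]+)\})')
TOKEN = re.compile(r'\s*(\$\w+|\d+|[()<>]=?|==|\w+)')


def parse_rule(text):
    """Return (name, {identifier: bytes}, condition) for one rule."""
    m = re.search(r'rule\s+(\w+)\s*\{(.*)\}', text, re.S)
    if not m:
        raise ValueError("no rule found")
    name, body = m.group(1), m.group(2)
    strings_src = re.search(r'strings:(.*?)condition:', body, re.S)
    cond_src = re.search(r'condition:(.*)', body, re.S)
    strings = {}
    for ident, txt, hexs in STRING_DEF.findall(strings_src.group(1) if strings_src else ""):
        # Hex strings match raw bytes; text strings match their ASCII encoding.
        strings[ident] = bytes.fromhex("".join(hexs.split())) if hexs else txt.encode()
    return name, strings, cond_src.group(1).strip()


def evaluate(condition, matched, filesize):
    """Evaluate a condition over {identifier: bool} with a tiny recursive-descent parser.
    Supported: $id, and/or/not, parentheses, 'N|any|all of them', 'filesize <op> N'."""
    tokens, pos = TOKEN.findall(condition), 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def expr():  # expr := term ('or' term)*
        value = term()
        while peek() == "or":
            take()
            rhs = term()  # parse the right side even when value is already True
            value = value or rhs
        return value

    def term():  # term := factor ('and' factor)*
        value = factor()
        while peek() == "and":
            take()
            rhs = factor()
            value = value and rhs
        return value

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("expected ')'")
            return value
        if tok.startswith("$"):
            return matched[tok]
        if tok == "filesize":
            op, n = take(), int(take())
            return {"<": filesize < n, "<=": filesize <= n, ">": filesize > n,
                    ">=": filesize >= n, "==": filesize == n}[op]
        if tok in ("any", "all") or tok.isdigit():
            if take() != "of" or take() != "them":
                raise ValueError("expected 'of them'")
            need = 1 if tok == "any" else len(matched) if tok == "all" else int(tok)
            return sum(matched.values()) >= need
        raise ValueError(f"unexpected token {tok!r}")

    result = expr()
    if peek() is not None:
        raise ValueError(f"trailing tokens from {peek()!r}")
    return result


def scan(rule_text, data):
    """Scan one byte string with one rule; returns (rule name, matched?, per-string hits)."""
    name, strings, condition = parse_rule(rule_text)
    hits = {ident: pattern in data for ident, pattern in strings.items()}
    return name, evaluate(condition, hits, len(data)), hits


def triage(rules, samples):
    """Apply every rule to every sample; returns {sample name: [matching rule names]}."""
    return {sample: [name for name, ok, _ in (scan(r, data) for r in rules) if ok]
            for sample, data in samples.items()}
```

Calling `triage([BROAD_RULE, REFINED_RULE], SAMPLES)` shows the two stages of the hunt: the broad rule fires on both executables that embed a URL (the wide net), while the refined rule, which requires every string plus a size bound, fires only on the constructed dropper. The text file trips the `powershell` string but not the `MZ` header, so neither rule matches it; that is the kind of refinement a hunter iterates on before publishing a rule to a shared platform.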

Before the release of YARAify, malware hunters had to find YARA rules across platforms and git repositories, without a direct way of sharing them and with no consistent naming convention.

We decided to launch the YARAify platform to the public to allow anyone to share their YARA rules with the community in a structured way and to use those to hunt for suspicious and malicious files seen within the Abuse.ch universe.

Researchers note

YARA rules have been used by several organizations and individuals in the past and have helped numerous security researchers spot dangerous threats.


For instance, in February 2021, FireEye used YARA rules during the events surrounding its data breach. The tool was also used months later by Microsoft to find evidence of the infamous Emotet botnet.

YARAify was developed by security researchers at Abuse.ch, a project from the Institute for Cybersecurity and Engineering (ICE) at the University of Applied Sciences at Bern, Switzerland.
