YARA Rules - a new tool to identify and classify malware
The AIL framework is a powerful tool to analyse potential information leaks from unstructured data sources. It can be extended to support other functionalities to mine sensitive information.
New features have been developed recently to widen its scope of use. A new type of tracker has been added: YARA rules. YARA is an open-source tool used mainly, but not exclusively, for identifying and classifying malware based on string or binary pattern matching.
YARA was originally developed by Victor Alvarez of VirusTotal and is mainly used in malware research and detection. It was designed to describe patterns that identify particular strains or entire families of malware.
It has an active, growing community that supports it as an open-source project written in C and provided freely via GitHub. With YARA, you can create descriptions of malware families (or whatever else you want to describe) based on textual or binary patterns. Each description, aka rule, consists of a set of strings and a boolean expression (the condition) which determines its logic.
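To illustrate that rule anatomy, here are two rules written for this post as an added example (they are not part of AIL's default rule list): the first uses textual patterns of the kind an AIL tracker would apply to pasted text, the second uses a binary pattern to classify a file. The section name strings, size limit and rule names are assumptions chosen for the example.

```yara
// Textual pattern: flag items that contain a PEM-encoded private key.
// Suited to a leak tracker; the strings are the recognisable header/footer.
rule leaked_pem_private_key
{
    meta:
        description = "Text item containing a PEM private key block"
        author      = "added example, not an AIL default rule"

    strings:
        // Several header variants, all matched case-sensitively as ASCII text.
        $begin_rsa     = "-----BEGIN RSA PRIVATE KEY-----" ascii
        $begin_ec      = "-----BEGIN EC PRIVATE KEY-----" ascii
        $begin_openssh = "-----BEGIN OPENSSH PRIVATE KEY-----" ascii
        $begin_pkcs8   = "-----BEGIN PRIVATE KEY-----" ascii
        // One regular expression covers every matching footer.
        $end           = /-----END (RSA |EC |OPENSSH )?PRIVATE KEY-----/

    condition:
        // The boolean expression: a header AND the footer, in a small item.
        // The 512KB limit is an assumed value to skip oversized blobs.
        any of ($begin_*) and $end and filesize < 512KB
}

// Binary pattern: classify a Windows PE file whose section names suggest
// UPX packing. Hex strings match raw bytes rather than text.
rule pe_with_upx_section_names
{
    meta:
        description = "PE file carrying UPX0/UPX1 section names"
        author      = "added example, not an AIL default rule"

    strings:
        $mz   = { 4D 5A }        // "MZ" DOS header magic
        $upx0 = "UPX0" ascii
        $upx1 = "UPX1" ascii

    condition:
        // "MZ" must sit at offset 0, the e_lfanew pointer at offset 0x3C
        // must point at "PE\0\0" (0x00004550 little-endian), and both
        // section names must be present.
        $mz at 0 and uint32(uint32(0x3C)) == 0x00004550 and all of ($upx*)
}
```

Both rules compile with the `yara` command-line tool; run `yara -s rules.yar <file>` to print which strings matched and where.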
Now, everybody has the chance to add their own YARA rules or to contribute by adding a new rule to the default list. To do this, you just need to make a pull request in the AIL GitHub repository.
YARA is a big step forward for AIL, which will not stop evolving.
In the next few days, AIL will also launch a new system for managing, creating and launching crawlers (docker containers, proxies, crawler scripts). This will make the installation easier and help the user to better cope with errors.