YARA generator tool

Fill in the form to quickly create your YARA rule. The input will be parsed and will be put into an template that you can copy and store locally.






Please provide 3 strings that must be found in the files you are going to parse with your YARA rule.


String value 1
String value 2
String value 3

Create YARA rules online

This online YARA creation tool allows you to create your YARA rules online. We don’t store them and the YARA rule is generated based on your input. It is a very straight forward cybersecurity tool which I simply want to share with you.

The tutorial on how to use the tool can be found at the end of this post.

Who uses YARA rules

  • Threat Intelligence analysts
  • CERT analysts
  • XDR / MDR analysts
  • Malware hunters

Which companies make use of YARA rules

  • Group-IB
  • Bitdefender
  • VirusTotal
  • Recorded Future
  • AlienVault

What is YARA

When taking a look at the official documentation of YARA, the following is shared in the documentation:

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.

YARA – Documentation

So in short, it is a tool, that allows anyone to quickly search through folders/files with your selected YARA rules. Once a match has been made, this will be reported back to the user. See it as an custom search tool on steroids.

Create YARA rules in 7 steps

You just need to follow these 7 steps to quickly generate your own YARA rule online.

  • Provide YARA signature name
  • Provide YARA description
  • Provide first must match string
  • Provide second must match string
  • Provide third must match string
  • Create YARA rule
  • Copy and Paste it to your local system

Time needed: 2 minutes.

Tutorial on how to create your own YARA rule online with the Cyberwarzone YARA tool.

  1. Set the YARA signature name

    It is important to provide each YARA signature their own unique name.

  2. Explain what the YARA signature is supposed to do

    In the description part, you should provide an description of what the YARA signature will do.

  3. Provide the first must match string

    Enter the value that you want to have matched.

  4. Provide the second must match string

    Enter the second value that you want to have matched.

  5. Provide the third must match string

    Enter the third value that you want to have matched.

  6. Click on Create YARA rule

    Once clicked, the tool will put your input into the YARA signature template.

  7. Copy and Paste

    Copy and paste the generated YARA signature to your local system.

Demo

I created a quick video which shows you the YARA signature creation of APT1.

Example of how to use the tool
Share this information