What is Yara?

 2.1. All about Yara "The pattern matching swiss knife for malware researchers (and everyone else)" (Virustotal., 2020) With such a fitting quote, Yara can identify information based on both binary and textual patterns, such as hexadecimal and strings contained within a file. Rules are used to label these patterns. For example, Yara rules are frequently written to determine if a file is malicious or not, based upon the features - or patterns - it presents. Strings are a fundamental component of programming languages. Applications use strings to store data such as text. For example, the code snippet below prints "Hello World" in Python. The text "Hello World" would be stored as a string. Hello Earth! Can you hear me? We could write a Yara rule to search for "hello world" in every program on our operating system if we would like. 2.2. Why does Malware use Strings?Malware, just like our "Hello World" application, uses strings to store textual data. Here are a few examples of the data that various malware types store within strings:

Type	Data	Description
Ransomware	12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw	Bitcoin Wallet for ransom payments
Botnet	12.34.56.7	The IP address of the Command and Control (C&C) server

2.3. Caveat: Malware Analysis Explaining the functionality of malware is vastly out of scope for this room due to the sheer size of the topic. I have covered strings in much more detail in "Task 12 - Strings" of my MAL: Introductory room. In fact, I am creating a whole Learning Path for it. If you'd like to get a taster whilst learning the fundamentals, I'd recommend my room.

What is the name of the base-16 numbering system that Yara can detect?

Would the text "Enter your Name" be a string in an application? (Yay/Nay)