- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Cybersecurity Researchers Launch New Malware Hunting Tool YARAify
A group of security researchers from Abuse.ch and ThreatFox launched a new hub for scanning and hunting files.
Dubbed YARAify, the defensive tool is designed to scan suspicious files against a large repository of YARA rules.
“YARA is an open source tool for pattern matching,” Abuse.ch founder Roman Hüssy said in an interview with The Daily Swig. “It allows anyone […] to write their own rules to detect [issues] such as malicious or suspicious files.”
YARAify can scan files using public YARA rules and integrate both public and non-public YARA rules from Malpedia, which is operated by the Fraunhofer Institute in Germany.
Additionally, researchers can use the tool to scan files using open and commercial ClamAV signatures, set up hunting rules to match both YARA rules and ClamAV signatures and link YARAify to other tools via application programming interfaces (APIs).
According to Hüssy, YARAify was created to facilitate the handling of YARA rules, which he described as powerful but difficult to handle.
Before the release of YARAify, malware hunters had to find YARA rules across platforms and git repositories, without a direct way of sharing them and with no consistent naming convention (leading to duplicates).
“We decided to launch the YARAify platform to the public to allow anyone to share their YARA rules with the community in a structured way and to use those to hunt for suspicious and malicious files seen within the Abuse.ch universe,” Hüssy concluded.
For context, YARA rules have been used by several organizations and individuals in the past and have helped numerous security researchers spot dangerous threats.
For instance, in February 2021, FireEye used YARA rules during the events surrounding its data breach. The tool was also used months later by Microsoft to find evidence of the infamous Emotet botnet.