# yara

> Pattern matching tool for identifying and classifying malware using custom rules

**Category:** [[categories/examine-static-properties-general|Examine Static Properties > General]] | **Tier:** Rich (FOR610)

**Docs:** [https://docs.remnux.org/discover-the-tools/examine+static+properties/general](https://docs.remnux.org/discover-the-tools/examine+static+properties/general)

## Usage

```bash
yara-rules specimen.bin
yara rule.yar specimen.exe
```

## Recipes

- [[recipes/cobalt-strike-beacon-parse|Parse Cobalt Strike Beacon Configuration]]

## Workflows

- [[workflows/static-analysis-workflow|Static Properties Analysis]] — Step 5: Capability Detection
- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 6: Embedded Object Analysis
- [[workflows/shellcode-analysis-workflow|Shellcode Analysis]] — Step 1: Shellcode Detection
- [[workflows/email-analysis-workflow|Email & Phishing Analysis]] — Step 3: Attachment Triage
- [[workflows/cobalt-strike-workflow|Cobalt Strike Analysis]] — Step 1: Beacon Detection

## Related Tools

- [[tools/7-zip|7-Zip]] — Compress and decompress files using a variety of algorithms.
- [[tools/binwalk|binwalk]] — Analyze and extract embedded files and firmware images
- [[tools/bulk-extractor|bulk-extractor]] — Extract interesting strings from binary files.
- [[tools/clamav|ClamAV]] — Open-source antivirus — scan files for known malware signatu
- [[tools/diec|diec]] — Detect packers, compilers, and tools used to create executab

## FOR610

**Labs:** 3.4

**Sections:** 3

#pattern-matching #classification #rules