yara.json
{
"Rule": {
"prefix": "rule",
"body": [
"rule ${1:$TM_FILENAME_BASE}",
"{",
"\tmeta:",
"\t\tdescription = \"${description}\"",
"\t\tauthor = \"${author}\"",
"\t\tdate = \"${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}\"",
"\t\treference = \"${reference}\"",
"\t\thash = \"${hash}\"",
"\tstrings:",
"\t\t$${name} = \"${string}\"",
"\tcondition:",
"\t\t${condition}",
"}"
],
"description": "Generate a rule skeleton"
},
"Meta": {
"prefix": "meta",
"body": [
"meta:",
"\tdescription = \"${description}\"",
"\tauthor = \"${author}\"",
"\tdate = \"${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}\"",
"\treference = \"${reference}\"",
"\thash = \"${hash}\""
],
"description": "Generate a 'meta' section"
},
"Strings": {
"prefix": "strings",
"body": [
"strings:",
"\t$${name} = \"${string}\""
],
"description": "Generate a 'strings' section"
},
"Condition": {
"prefix": "condition",
"body": [
"condition:",
"\t${conditions}"
],
"description": "Generate a 'condition' section"
},
"Import": {
"prefix": "import",
"body": "import \"${1|pe,elf,cuckoo,magic,hash,math,dotnet,time|}\"",
"description": "Import a YARA module"
},
"for": {
"prefix": "for",
"body": "for ${1:expression} of ${2:string_set} : ( ${3:boolean_expression} )",
"description": "Apply the same condition to many strings"
},
"any": {
"prefix": "any",
"body": "any of ${them}",
"description": "String set keyword: any"
},
"all": {
"prefix": "all",
"body": "all of ${them}",
"description": "String set keyword: all"
}
}