DEVHIDE
Login Or Sign up

Specifying an unknown number of conditions

43 Views Asked by At

Want to write a Yara rule that fires on a range of strings hitting. E.g.:

$rrr = "shell"

$var1 = "cheese"
$var2 = "beef"
$var3 = "chicken"

condition:

$rrr and ($var*) > 2

Can't seem to get anything like this to compile.

Tried the above, tried other various regexs and assorted nonsense.

yara
Original Q&A
1

There are 1 best solutions below

0
On

It's not completely clear what you are going for with your sample above, but here are two options:

$rrr and (#var1+#var2+#var3) >= 2
  • Will match on "shell cheese cheese"

--Or--

$rrr and (2 of ($var*))
  • Will match on "shell cheese beef"
  • But not "shell cheese cheese"

Related Questions in YARA

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.