0

I would like to know if we can count regex strings in YARA.

I am not sure if YARA supports this.

rule CountExample
{
    strings:
        $a = "dummy1"
        $b = /dummy\d+/

    condition:
        #a == 6 and #b > 10
}

It only matches the $b condition, but #b cannot count.

Jimmy

1 Answer

0

Using # with a regex string should still count.

Assuming these are the contents of the file:

data1.txt

dummy1
dummy2
dummy1
dummy1
dummy4
dummy1
dummy1
dummy8
dummy6
dummy1
dummy9

data2.txt

dummy1
dummy1
dummy2
dummy1
dummy1
dummy4
dummy1
dummy1
dummy8
dummy6
dummy1
dummy9

data3.txt

dummy1
dummy1
dummy1
dummy1
dummy1
dummy1

Your rule will only match data1.txt.

Try playing with the data in CyberChef.
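
A cross-check of the counts for the three files above, as an added example that is not part of the original answer. Python's `re` stands in for YARA's matcher here, on the assumption that `#a` and `#b` count every offset at which the string matches; the helper names are hypothetical and the file contents are rebuilt from the listings above.

```python
import re


def make(tokens):
    """Build constructed file contents: one 'dummy<N>' token per line."""
    return "".join(f"dummy{n}\n" for n in tokens).encode()


# Constructed sample data mirroring the three files listed in the answer.
FILES = {
    "data1.txt": make([1, 2, 1, 1, 4, 1, 1, 8, 6, 1, 9]),
    "data2.txt": make([1, 1, 2, 1, 1, 4, 1, 1, 8, 6, 1, 9]),
    "data3.txt": make([1, 1, 1, 1, 1, 1]),
}

A_TEXT = b"dummy1"                  # $a = "dummy1"
B_REGEX = re.compile(rb"dummy\d+")  # $b = /dummy\d+/


def count_text(data, needle):
    """Count every offset where the text string occurs (stand-in for #a)."""
    count, pos = 0, data.find(needle)
    while pos != -1:
        count += 1
        pos = data.find(needle, pos + 1)
    return count


def count_regex(data, pattern):
    """Count every offset where the regex matches (stand-in for #b)."""
    return sum(1 for i in range(len(data)) if pattern.match(data, i))


def evaluate(data):
    """Return (#a, #b, condition) for: #a == 6 and #b > 10."""
    a, b = count_text(data, A_TEXT), count_regex(data, B_REGEX)
    return a, b, (a == 6 and b > 10)


def report():
    """Evaluate the rule's condition against each constructed file."""
    return {name: evaluate(data) for name, data in FILES.items()}


if __name__ == "__main__":
    for name, (a, b, hit) in report().items():
        print(f"{name}: #a={a} #b={b} match={hit}")
```

data2.txt fails on `#a == 6` (it has seven `dummy1` lines) and data3.txt fails on `#b > 10`, so only data1.txt satisfies both halves of the condition.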