VirusTotal · JSON Structure

Virustotal Yara Rule Object Structure

A crowdsourced YARA rule contributed to the VirusTotal community.

Type: object Properties: 5 Required: 3
Anti-MalwareThreat IntelligenceSecurityFile AnalysisURL AnalysisYARAIoCSandboxMITRE ATT&CKGoogle Cloud

YaraRuleObject is a JSON Structure definition published by VirusTotal, describing 5 properties, of which 3 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

id type links attributes relationships

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/virustotal/refs/heads/main/json-structure/virustotal-yara-rule-object-structure.json",
  "name": "YaraRuleObject",
  "description": "A crowdsourced YARA rule contributed to the VirusTotal community.",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Object identifier."
    },
    "type": {
      "type": "string",
      "description": "Object type discriminator."
    },
    "links": {
      "type": "object",
      "description": "Hypermedia links.",
      "properties": {
        "self": {
          "type": "uri"
        }
      }
    },
    "attributes": {
      "type": "object",
      "description": "Type-specific attributes for YaraRuleObject.",
      "properties": {
        "rule_name": {
          "type": "string",
          "example": "Mal_Emotet_Loader"
        },
        "ruleset_id": {
          "type": "string"
        },
        "ruleset_name": {
          "type": "string"
        },
        "author": {
          "type": "string"
        },
        "description": {
          "type": "string"
        },
        "source": {
          "type": "string",
          "description": "Source URL of the rule."
        },
        "rules": {
          "type": "string",
          "description": "Raw YARA rule text."
        }
      }
    },
    "relationships": {
      "type": "object",
      "description": "Pre-expanded relationships, keyed by relationship name.",
      "additionalProperties": true
    }
  },
  "required": [
    "id",
    "type",
    "attributes"
  ]
}