D7 · Tools

What is YARA?

YARA is a tool for identifying and classifying malware with pattern-matching rules. A rule declares strings (plain text, hex byte sequences with wildcards, or regular expressions) and a condition that states how those strings, together with properties such as file size or the bytes at a given offset, must combine for a file or memory region to match.
YARA rules are shareable community intelligence and are consumed by EDR agents, sandboxes, email gateways, and SIEM enrichment pipelines. Writing good YARA means anchoring on strings unique to the malware family (configuration markers, C2 URL paths, mutex names, distinctive code sequences) and avoiding strings that also occur in common libraries or benign software, since those produce false positives at scale. VirusTotal hunting runs YARA rules against its corpus: Livehunt against newly submitted files and Retrohunt against files submitted in the past.
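As an added example, not code from this page or from the YARA project: a hypothetical rule written in real YARA syntax, alongside a small Python matcher that reproduces its semantics (ASCII and wide text strings, a hex pattern with `??` wildcards and a `[n-m]` jump, a regex, and a condition combining a header check with `2 of them`) over constructed byte samples. The rule name, its strings, and the sample blobs are illustrative assumptions and do not describe any real malware family.

```python
"""Toy YARA-style matcher. Added example, not code from the page or the YARA project.

The rule below is hypothetical: its strings are chosen to illustrate the three
string types and a condition, not taken from any real malware family.
"""
import re
import struct

# The rule in real YARA syntax, kept here for reference (and compiled by
# yara-python in scan_with_yara() if that module happens to be installed).
RULE_TEXT = r"""
rule Example_Dropper_Beacon
{
    meta:
        description = "Hypothetical dropper: PE carrying a C2 path and a config marker"
    strings:
        $s1 = "/gate.php?id=" ascii wide                    // C2 path, narrow or UTF-16LE
        $s2 = "Mozilla/4.0 (compatible; MSIE 6.0)" ascii      // hard-coded User-Agent
        $h1 = { 68 ?? ?? 40 00 E8 [4-8] 83 C4 04 }           // push imm32; call rel32; add esp,4
        $r1 = /cfg_[0-9a-f]{8}\.dat/                          // config file name
    condition:
        uint16(0) == 0x5A4D and 2 of them                    // PE header plus any two strings
}
"""


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA hex string into a bytes regex.

    Supports literal bytes, the ?? wildcard byte and [n-m] jumps; nibble
    wildcards such as 4? are not handled by this toy.
    """
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")                      # any single byte
        elif tok.startswith("["):
            lo, hi = tok.strip("[]").split("-")
            parts.append(b".{%d,%d}" % (int(lo), int(hi)))   # variable-length jump
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def text_pattern_to_regex(text: str, ascii_: bool = True, wide: bool = False) -> re.Pattern:
    """Build a regex for a YARA text string; 'wide' adds the UTF-16LE form."""
    alternatives = []
    if ascii_:
        alternatives.append(re.escape(text.encode("ascii")))
    if wide:
        alternatives.append(re.escape(text.encode("utf-16-le")))
    return re.compile(b"|".join(alternatives), re.DOTALL)


# The same strings as RULE_TEXT, expressed for the toy matcher.
STRINGS = {
    "$s1": text_pattern_to_regex("/gate.php?id=", ascii_=True, wide=True),
    "$s2": text_pattern_to_regex("Mozilla/4.0 (compatible; MSIE 6.0)"),
    "$h1": hex_pattern_to_regex("68 ?? ?? 40 00 E8 [4-8] 83 C4 04"),
    "$r1": re.compile(rb"cfg_[0-9a-f]{8}\.dat"),
}


def uint16(data: bytes, offset: int):
    """YARA's uint16(offset): little-endian, undefined (None) past end of data."""
    if len(data) < offset + 2:
        return None
    return struct.unpack_from("<H", data, offset)[0]


def scan(data: bytes) -> dict:
    """Evaluate the rule: report per-string match offsets and the final verdict."""
    matches = {}
    for name, pat in STRINGS.items():
        offsets = [m.start() for m in pat.finditer(data)]
        if offsets:
            matches[name] = offsets
    is_pe = uint16(data, 0) == 0x5A4D          # "MZ" read little-endian
    return {"matches": matches, "rule_matched": bool(is_pe and len(matches) >= 2)}


def scan_with_yara(data: bytes):
    """Cross-check with the real engine if yara-python is installed, else None."""
    try:
        import yara
    except ImportError:
        return None
    return [m.rule for m in yara.compile(source=RULE_TEXT).match(data=data)]


# Constructed samples (not real files).
SAMPLE_DROPPER = (
    b"MZ" + b"\x90" * 62                                             # DOS header stub
    + "/gate.php?id=".encode("utf-16-le")                            # $s1 as a wide string
    + b"\x68\x10\x20\x40\x00\xe8\xaa\xbb\xcc\xdd\xee\x83\xc4\x04"    # $h1 with a 5-byte jump
    + b"\x00" * 16
)
SAMPLE_ONE_STRING = b"MZ" + b"\x90" * 62 + b"/gate.php?id=" + b"\x00" * 16   # only $s1 hits
SAMPLE_NOT_PE = b"#!/bin/sh\necho /gate.php?id= cfg_deadbeef.dat\n"          # two strings, no MZ header

if __name__ == "__main__":
    for label, blob in [("dropper", SAMPLE_DROPPER), ("one string", SAMPLE_ONE_STRING), ("not PE", SAMPLE_NOT_PE)]:
        print(label, scan(blob), scan_with_yara(blob))
```

The third sample shows why the condition matters: a shell script can contain two of the strings and still not match, because `uint16(0) == 0x5A4D` restricts the rule to PE files, and the second sample shows `2 of them` rejecting a single coincidental string. Both are the kind of guard that keeps a rule built on "malware-unique" strings from firing on benign files once it runs across a large corpus.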