The dr_sandbox Module

The dr_sandbox module is an exclusive YARA module of Doctor Web. With dr_sandbox, you can create rules based on the following information:

•File behavior on a virtual machine

•Types of created files (src, dump, drop, alloc etc.)

•Details regarding detected threats

•The name of the analyzed file

The rule example that includes the connect_to function of dr_sandbox:

rule bad_file
{
condition:
dr_sandbox.descr_tech.network.connect_to(/http:\/\/someplace\.badsite\.com/)
}

You can find the full list of the dr_sandbox module functions in Appendix B. Functions of dr_sandbox module.