YARA Rules

Using YARA rules, you can identify and classify malware samples: a rule triggers when the condition defined in it is met. The condition can refer to specific file contents, behavior, or location. YARA rules can include strings, Boolean expressions, wildcards, regular expressions, special operators, and many other features. For more information about YARA rules, see the official YARA documentation.

YARA rules used in Dr.Web vxCube have some special capabilities:

In the meta section of the rule, a required maliciousness field is added. This field specifies the maliciousness type that will be added to the report if the rule triggers.

Using the exclusive dr_sandbox module, you can create rules that trigger when specific behavior of a file is detected on a virtual machine.
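The following user rule is an added example, not taken from the Dr.Web vxCube documentation, showing how the required maliciousness meta field fits into an otherwise standard YARA rule (meta, strings, condition). The rule name, author, marker string, byte pattern and regular expression are constructed for illustration; the value of maliciousness is a placeholder because this page does not list the accepted maliciousness types. The dr_sandbox module is not used here, since its functions are not documented on this page.

```yara
// Added example (not from the Dr.Web vxCube documentation): a user rule in
// standard YARA syntax that includes the vxCube-specific "maliciousness"
// meta field. All strings and patterns below are constructed, not real IoCs.
rule Example_Suspicious_PE_Downloader
{
    meta:
        description   = "Constructed example: PE file embedding a marker string and an executable download URL"
        author        = "example author"
        // Required by Dr.Web vxCube. The allowed values are not listed on
        // this page, so this is a placeholder to be replaced with a real type.
        maliciousness = "<maliciousness type placeholder>"

    strings:
        // Constructed sample marker (ASCII and UTF-16LE), not from any real sample.
        $marker = "CONSTRUCTED_SAMPLE_MARKER" ascii wide
        // Hex pattern using wildcards (??) and a jump range ([2-4]) for a
        // generic call / stack-cleanup / return sequence.
        $code   = { E8 ?? ?? ?? ?? 83 C4 [2-4] 5D C3 }
        // Regular expression for a plain-HTTP URL ending in ".exe".
        $url    = /http:\/\/[a-z0-9.-]+\/[a-z0-9_]+\.exe/ nocase

    condition:
        // Only consider PE files ("MZ" at offset 0) smaller than 2 MB ...
        uint16(0) == 0x5A4D and filesize < 2MB
        // ... that contain the marker plus at least one of the other patterns.
        and $marker and 1 of ($code, $url)
}
```

When the rule triggers during analysis, the maliciousness value from the meta section is what vxCube adds to the report, so choose it to reflect the category the rule is meant to detect rather than reusing the description text.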

All the YARA rules in Dr.Web vxCube are divided into two categories: system rules and user rules. System rules are created by the Dr.Web vxCube developers and are used in file analysis by default. You can't view, edit, or delete system rules, but you can disable the ones you don't need. Additionally, you can create your own (user) rules. User rules can be edited, disabled, or deleted.