Kaspersky Open Sources Internal Distributed YARA Scanner

Kaspersky Lab has released the source code of an internally-developed distributed YARA scanner as a way of giving back to the infosec community.

Originally developed by VirusTotal software engineer Victor Alvarez, YARA is a tool that allows researchers to analyze and detect malware by creating rules that describe threats based on textual or binary patterns.

Kaspersky Lab has developed its own version of the YARA tool. Named KLara, the Python-based application relies on a distributed architecture to allow researchers to quickly scan large collections of malware samples.

Looking for potential threats in the wild requires a significant amount of resources, which can be provided by cloud systems. Using a distributed architecture, KLara allows researchers to efficiently scan one or more YARA rules over large data collections – Kaspersky says it can scan 10Tb of files in roughly 30 minutes.

“The project uses the dispatcher/worker model, with the usual architecture of one dispatcher and multiple workers. Worker and dispatcher agents are written in Python. Because the worker agents are written in Python, they can be deployed in any compatible ecosystem (Windows or UNIX). The same logic applies to the YARA scanner (used by KLara): it can be compiled on both platforms,” Kaspersky explained.

KLara provides a web-based interface where users can submit jobs, check their status, and view results. Results can also be sent to a specified email address.

The tool also provides an API that can be used to submit new jobs, get job results and details, and retrieve the matched MD5 hashes.
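To make the dispatcher/worker model and the rule-based matching described above concrete, here is a toy scanner written for this page (it is not KLara's own code): a dispatcher shards a constructed sample collection across worker threads, each worker evaluates YARA-style byte-pattern rules, and only the MD5 hashes of matching files come back. The rule contents, sample files and function names are all assumptions made for the example.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# YARA-style rules, constructed for this example: name -> (byte patterns, condition).
# "all"/"any" stand in for YARA's `all of them` / `any of them` conditions.
RULES = {
    "fake_downloader": ((b"GET /payload", b"User-Agent: Mozilla"), "all"),
    "pdb_path_leak": ((b"MZ", b"c:\\work\\build\\"), "all"),
    "lolbin_strings": ((b"cmd.exe /c", b"powershell -enc"), "any"),
}

# Constructed sample collection; real workers would read files from shared storage.
SAMPLE_CORPUS = {
    "dropper.exe": b"MZ\x90\x00" + b"\x00" * 8 + b"c:\\work\\build\\dropper.pdb",
    "beacon.bin": b"GET /payload HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n",
    "script.txt": b"start /b cmd.exe /c whoami",
    "half.bin": b"GET /payload only, no UA header",  # fails the "all" condition
    "readme.txt": b"Nothing to see here.",
}

def scan_file(data, rules):
    """Match one sample against every rule; return the names of the rules that fire."""
    hits = []
    for name, (patterns, cond) in rules.items():
        found = [p in data for p in patterns]
        if (all(found) if cond == "all" else any(found)):
            hits.append(name)
    return hits

def scan_shard(shard, rules=RULES):
    """Worker: scan a slice of the corpus, reporting (filename, md5, rules) for matches only."""
    out = []
    for fname, data in shard:
        hits = scan_file(data, rules)
        if hits:
            out.append((fname, hashlib.md5(data).hexdigest(), sorted(hits)))
    return out

def dispatch(corpus, workers=3, rules=RULES):
    """Dispatcher: split the corpus into shards, fan them out, merge results keyed by md5."""
    items = sorted(corpus.items())
    shards = [items[i::workers] for i in range(workers)]  # round-robin assignment
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for shard_result in pool.map(lambda s: scan_shard(s, rules), shards):
            for fname, md5, hits in shard_result:
                results[md5] = {"file": fname, "rules": hits}
    return results
```

Calling `dispatch(SAMPLE_CORPUS)` returns three matches; `half.bin` is deliberately left out because it satisfies only one of the two patterns of an "all" rule.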

Kaspersky Lab has relied on YARA in many of its investigations, but one of the most notable cases involved the 2015 Hacking Team breach. The security firm wrote a YARA rule based on information from the leaked Hacking Team files, and several months later it led to the discovery of a Silverlight zero-day vulnerability.

The KLara source code is available on GitHub under a GNU General Public License v3.0. Kaspersky says it welcomes contributions to the project.

This is not the first time Kaspersky has made available the source code of one of its internal tools. Last year, it released the source code of Bitscout, a compact and customizable tool designed for remote digital forensics operations.

Related: Kaspersky Launches New Security Product for Exchange Online

Related: Avast Open Sources Machine-Code Decompiler in Battle Against Malware

Related: Google, Spotify Release Open Source Cloud Security Tools

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.