How to use YARA for malware analysis

Last updated: 01/12/2025

  • YARA lets you describe malware families with flexible rules based on strings, binary patterns, and file properties.
  • Well-written rules can detect everything from ransomware and APTs to webshells and zero-day exploits across many environments.
  • Integrating YARA into backups, forensic workflows, and in-house tools strengthens defences beyond traditional antivirus software.
  • The YARA community and its rule repositories make it easy to share intelligence and keep improving detection.


How do you use YARA to detect advanced malware? When traditional antivirus programs reach their limits and attackers slip through every gap they can find, a tool that has become essential in incident-response laboratories comes into play: YARA, the "Swiss Army knife" of malware hunting. Designed to describe families of malicious software using text and binary patterns, it lets you go well beyond simple hash matching.

In the right hands, YARA is used not only to find known malware samples, but also new variants, zero-day threats, and even commercial offensive tools. In this article we look in depth, and in practice, at how to use YARA for advanced malware detection: how to write robust rules, how to test them, how to integrate them into platforms such as Veeam or into your own analysis workflows, and which best practices the professional community follows.

What is YARA and why is it so powerful for malware detection?

YARA stands for "Yet Another Recursive Acronym" and has become the de facto standard in threat analysis because it lets you describe malware families using readable, clear, and flexible rules. Instead of relying only on antivirus signatures, YARA works with patterns you define yourself.

The basic idea is simple: a YARA rule examines a file (or memory, or a data stream) and checks whether a set of conditions is met. Those conditions can be based on text strings, hexadecimal sequences, regular expressions, or file properties. When the conditions are satisfied there is a "match", and you can alert, block, or run a deeper analysis.

This approach lets security teams identify and classify malware of every kind: classic viruses, worms, Trojans, ransomware, webshells, cryptominers, malicious macros, and much more. It is not limited to specific file extensions or formats, so it also detects, for example, a hidden executable carrying a .pdf extension or an HTML file containing a webshell.

Moreover, YARA is already built into many key services and tools of the cybersecurity ecosystem: VirusTotal, sandboxes such as Cuckoo, backup platforms such as Veeam, and threat-intelligence solutions from top-tier vendors. Mastering YARA has therefore become a requirement for advanced analysts and researchers.

Advanced use cases for YARA in malware detection

One of YARA's strengths is that it adapts like a glove to many security contexts, from the SOC to the malware lab. The same rules serve both one-off hunts and continuous monitoring.

A direct use case is creating rules specific to a single piece of malware or to a whole family. If your organization is being hit by a campaign from a known family (for example, a remote-access Trojan or an APT threat), you can capture its characteristic strings and patterns and deploy rules that quickly spot new related samples.

Another classic use is signature-based monitoring with YARA. These rules are designed to look for hashes, exact text strings, code snippets, registry keys, or even specific instruction sequences that repeat across many variants of the same malware. Keep in mind, though, that if you only look for very short strings you risk generating false positives.

YARA also shines when it comes to filtering by file type or structural patterns. You can write rules that apply to PE executables, Office documents, PDFs, or any other format by combining strings with properties such as file size, specific headers (for example, 0x5A4D for PE executables), or the presence of a particular exported function.

In modern environments, its use is tied to threat intelligence. Public repositories, research reports, and IOC feeds are turned into YARA rules that are integrated into SIEMs, EDRs, backup platforms, or sandboxes. This lets organizations quickly detect emerging threats that share patterns with campaigns already analysed.

Understanding the syntax of YARA rules

YARA's syntax resembles C, but in a simpler and more focused way. Each rule has a name, an optional metadata section, a strings section, and, above all, a condition section. From there on, the power lies in how you combine all of them.

The first thing is the rule name. It must follow the keyword rule (or regla if you write in Spanish, although the keyword in the file will still be rule), and it must be a valid identifier: no spaces, no leading digit, and no hyphens (underscores are fine, as the examples below show). It is a good idea to follow a clear convention, for example something like Malware_Family_Variant or APT_Actor_Tool, so you can see at a glance what the rule is meant to detect.


Next comes the strings section, where you define the patterns to look for. Here you can use three main types: text strings, hexadecimal sequences, and regular expressions. Text strings are ideal for human-readable code snippets, URLs, internal messages, path names, or PDB paths. Hexadecimal strings let you capture raw byte patterns, which are very useful when the code is packed but keeps certain sequences constant.

Regular expressions add flexibility when you need to cover small variations in a sample, such as changing domains or slightly modified code fragments. In addition, both strings and regexes allow escapes to represent specific bytes, which opens the door to very precise mixed patterns.

The condition section is the only mandatory one and defines when the rule is considered to "match" a file. There you use Boolean and arithmetic operators (and, or, not, +, -, *, /, any, all, contains, etc.) to express detection logic richer than a plain "if this string appears".

For example, you can specify that the rule only fires if the file is smaller than a certain size, if all the key strings appear, or if any one of several strings is present. You can also combine conditions such as string length, number of matches, specific offsets within the file, or the file size itself. Fine-tuning here makes the difference between generic rules and surgical detection.

Finally, there is the optional meta section, ideal for documentation. It commonly includes the author, creation date, a description, an internal version, a reference to reports or tickets and, in general, any information that helps keep the repository organized and understandable for other analysts.
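As an added example (not taken from the original article), here is a complete rule in the structure just described: a hypothetical family name, placeholder metadata, constructed text, hex and regex strings, and a condition that combines header check, file size, string groups, match counts and offsets.

```yara
rule Demo_Family_Loader_Variant
{
    meta:
        author      = "example analyst"          // placeholder
        date        = "2025-12-01"
        description = "Illustrative rule for a hypothetical loader family; all strings are constructed"
        reference   = "TICKET-PLACEHOLDER"
        version     = 1

    strings:
        // text strings: match ASCII and UTF-16 forms, ignoring case
        $req1 = "Software\\Classes\\CLSID" ascii wide nocase
        // a constructed PDB path of the kind a build leaves behind
        $req2 = "C:\\build\\loader\\Release\\loader.pdb" ascii
        // raw byte pattern (constructed function prologue)
        $hex1 = { 55 8B EC 83 EC 20 53 56 57 }
        // regex tolerates a version digit and two endpoint names in a URL path
        $re1  = /\/api\/v[0-9]\/(beacon|ping)\.php/ ascii

    condition:
        uint16(0) == 0x5A4D                    // "MZ": only PE files
        and filesize < 2MB                     // large files are unlikely to be this loader
        and all of ($req*)                     // every required string must be present
        and #req1 < 50                         // too many hits points at a benign installer
        and ( $re1 or ($hex1 and @hex1[1] < 0x1000) )  // prologue must appear early
}
```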

Practical examples of advanced YARA rules

To put all of the above into perspective, it helps to see how a simple rule is structured and how it grows in complexity when packed files, suspicious exports, or repeated instruction sequences come into play. Let's start with a toy rule and add sophistication step by step.

A minimal rule can contain a single string and a condition that makes it mandatory. For example, you could look for a specific text string or byte sequence that represents a fragment of the malware. The condition, in such a case, simply states that the rule is satisfied if that string or pattern is found, with no further filters.

However, in real environments this falls short, because rules that simple tend to generate many false positives. That is why it is common to combine several strings (text and hexadecimal) with other constraints: that the file does not exceed a certain size, that it has specific headers, or that the rule only fires if one string from each of several defined groups is found.

A typical example in PE executable analysis involves importing YARA's pe module, which lets you query the binary's internals: imported functions, exports, sections, signatures, and so on. A rule could then require that the binary imports CreateProcess from Kernel32.dll and some HTTP function from wininet.dll, in addition to containing a specific string that indicates malicious behaviour.

This kind of logic is perfect for finding Trojans with remote-connection or exfiltration capabilities, even when file names or paths change from one campaign to the next. The key is to focus on what lies beneath the behaviour: process creation, HTTP requests, encryption, persistence, and so on.

Another very effective approach is to look at instruction sequences that repeat across samples from the same family. Even when attackers pack or obfuscate the binary, they often reuse code blocks that are hard to change. If, after careful analysis, you find constant instruction blocks, you can build a rule with wildcards in the hexadecimal string that captures the pattern while keeping some tolerance.

With these "code-behaviour-based" rules it is possible to track entire malware strains such as PlugX/Korplug or other APT families. You no longer detect a specific hash; you go after the attackers' way of working, so to speak.
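The pe-module import logic and the wildcard hex pattern described in the two passages above, combined into one added example rule (not the article's own code): the marker string and the byte sequence are constructed, and the Win32 export names are real API names chosen for illustration.

```yara
import "pe"

rule Demo_RemoteAccess_Trojan_Behaviour
{
    meta:
        description = "Illustrative: process creation + HTTP imports + a reused code block"
        author      = "example analyst"   // placeholder

    strings:
        // constructed marker string standing in for a family-specific artefact
        $marker = "--session-id=" ascii
        // constructed instruction sequence:
        //   ??     wildcards cover a register or immediate byte that varies per build
        //   [2-6]  tolerates a short, variable-length gap between the fixed fragments
        //   E8 ?? ?? ?? ??  is a CALL with any 32-bit relative target
        $code = { 8B 45 ?? 33 C0 [2-6] E8 ?? ?? ?? ?? 85 C0 74 }

    condition:
        uint16(0) == 0x5A4D
        // CreateProcess is exported as the A/W pair, so accept either
        and ( pe.imports("kernel32.dll", "CreateProcessA")
           or pe.imports("kernel32.dll", "CreateProcessW") )
        // any HTTP-capable wininet entry point satisfies the "HTTP function" requirement
        and ( pe.imports("wininet.dll", "InternetOpenA")
           or pe.imports("wininet.dll", "HttpOpenRequestA") )
        // the behavioural imports alone are common; require a family-specific trace too
        and ( $marker or $code )
}
```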

Using YARA in real campaigns and zero-day threats

YARA has proven its worth especially in the field of advanced threats and zero-day exploits, where traditional defensive methods arrive late. A well-known example is the use of YARA to hunt for a Silverlight exploit starting from very limited published intelligence.

In that case, starting from emails leaked from a company dedicated to developing offensive tools, enough patterns were extracted to build a rule aimed at a particular exploit. With that single rule, researchers were able to track the sample through an ocean of suspicious files, identify the exploit, and force its patching, preventing far greater damage.

Stories like these show how YARA can act as a fishing net in an ocean of files. Imagine your corporate network as a sea full of "fish" (files) of every kind. Your rules are like the compartments of a trawl net: each compartment retains the fish that match certain characteristics.


Once you have hauled the net in, you have samples grouped by similarity to specific families or attacker groups: "looks like species X", "looks like species Y", and so on. Some of these samples may be new to you (new binaries, new campaigns), but they fit a known pattern, which speeds up your triage and response.

To get the most out of YARA in this context, many organizations combine advanced training, working laboratories, and controlled test environments. There are specialized courses dedicated solely to the art of writing good rules, often built on real cyber-espionage cases, where students practise with genuine samples and learn to look for "something" even when they do not know exactly what they are looking for.

Integrating YARA into backup and recovery platforms

One area where YARA fits perfectly, and which often goes unnoticed, is backup protection. If backups are contaminated with malware or ransomware, a restore can relaunch the whole campaign. That is why some vendors have built the YARA engine directly into their solutions.

Next-generation platforms can launch YARA rule-based scan sessions on restore points. The goal is twofold: find the last "clean" point before the incident, and detect malicious artefacts hidden in files that other checks might not have caught.

In these environments the typical procedure involves selecting the option "Scan restore points with a YARA rule" when configuring the scan job. Then the path to the rules file is specified (usually with the .yara or .yar extension), which is normally stored in a configuration folder specific to the backup solution.

During execution, the engine iterates over the objects in the backup, applies the rules, and records every match in a dedicated YARA scan log. The administrator can view these logs from the console, check the statistics, see which files triggered alerts, and even trace which machines and exact dates each match corresponds to.

This integration complements other techniques such as anomaly detection, monitoring backup sizes, searching for specific IOCs, or analysing suspicious artefacts. But when it comes to rules tailored to a specific ransomware family or campaign, YARA is the best tool for sharpening that search.

How to test and validate YARA rules without breaking your network


Once you start writing your own rules, the next critical step is testing them properly. An overly aggressive rule can unleash a flood of false positives, while a lax one can let real threats slip by. That is why the testing phase is as important as the writing phase.

The good news is that you do not need to set up a lab full of live malware and infect half the network to do this. There are repositories and datasets that provide known, controlled malware samples for research purposes. You can download those samples into an isolated environment and use them as a test bench for your rules.

The usual approach is to start by running YARA locally, from the command line, against a directory containing suspicious files. If your rules match where they should and do not fire on clean files, you are on the right track. If they trigger too often, it is time to revisit the strings, refine the conditions, or add more constraints (size, exports, exclusions, and so on).

Another important consideration is making sure your rules do not hurt performance. When scanning large directories, full backups, or big sample collections, poorly optimized rules can slow the scan or consume more resources than you would like. It is therefore advisable to measure execution time, simplify complex expressions, and avoid overly heavy regexes.

After passing that lab testing phase, you can promote the rules to the production environment, whether in your SIEM, your backup systems, your mail servers, or wherever you want to integrate them. And do not forget to keep a feedback loop going: as campaigns evolve, your rules will need periodic updating.

Tools, scripts and workflows with YARA


Beyond the official binary, many professionals have built small programs and scripts around YARA to streamline its day-to-day use. A common approach involves creating an application that bundles your security kit, automatically loads the rules from a folder, and applies them to a scan directory.

These kinds of home-grown tools usually work with a simple directory structure: one folder for rules downloaded from the Internet (for example, "rulesar") and another folder for the suspicious files to be analysed (for example, "malware"). When the program starts, it checks that both folders exist, lists the rules on screen, and prepares for execution.

When you click a button such as "Start scan", the tool launches the YARA executable with the required parameters: scan all files in the folder, recurse into subdirectories, output statistics, print metadata, and so on. Any matches are shown in the results window, indicating which file matched which rule.


This workflow allows, for example, scanning a batch of exported emails for embedded malicious images, dangerous attachments, or webshells hidden in seemingly innocent files. Many forensic investigations in corporate environments rely precisely on this kind of machinery.

As for the most important parameters when invoking YARA, options such as the following stand out: -r for recursive search, -S to print statistics, -m to print metadata, and -w to suppress warnings. By combining these flags you can tailor the behaviour to your case: from a quick scan of a specific directory to a full scanner over a complex folder structure.

Best practices for writing and maintaining YARA rules

To keep your rule repository from becoming an unmanageable mess, it is advisable to follow a series of good practices. The first is to work with consistent templates and naming conventions, so that any analyst can immediately understand what each rule does.

Many teams adopt a standard format that includes a header with metadata, tags indicating the threat type, actor or platform, and a clear description of what is being detected. This helps not only internally, but also when you share rules with the community or contribute to public repositories.

Another recommendation is to always remember that YARA is just one more layer of defence. It does not replace antivirus software or EDR, but complements them within a broader scheme for protecting your Windows PC. Likewise, YARA should fit into larger reference frameworks, such as the NIST framework, which also covers asset identification, protection, detection, response, and recovery.

From a detection-engineering standpoint, it is essential to invest time in avoiding false positives. This involves steering clear of overly generic strings, combining several conditions, and using operators such as all of or any of. Use your head and take advantage of the file's structural features. The clearer your picture of the malware's behaviour, the better.

Finally, maintaining a discipline of versioning and periodic review is essential. Malware families evolve, indicators change, and rules that work today may fall short or stop working tomorrow. Reviewing and adjusting your rule set regularly is part of the cat-and-mouse game of cybersecurity.

The YARA community and available resources

One of the main reasons YARA has come this far is the strength of its community. Researchers, security firms, and response teams from around the world constantly share rules, examples, and documentation, creating a very rich ecosystem.

The main reference point is YARA's official repository on GitHub. There you will find the latest releases of the tool, the source code, and links to the documentation. From there you can follow the project's progress, report issues, or contribute improvements if you wish.

The official documentation, available on platforms such as ReadTheDocs, provides a complete guide to the syntax, the available modules, example rules, and usage references. It is an essential resource for taking advantage of the most advanced features, such as PE analysis, ELF, memory rules, or integration with other tools.

In addition, there are community repositories of YARA rules and signatures where analysts from all over the world publish ready-to-use collections, or collections that can be adapted to your needs. These repositories often include rules for specific malware families, exploit kits, misused pentesting tools, webshells, cryptominers, and much more.

Likewise, many vendors and research groups offer dedicated YARA training, from introductory level to advanced courses. These programmes usually include real labs and hands-on exercises based on real-world scenarios. Some are even offered free of charge to non-profit organizations or organizations at risk of targeted attacks.

This whole ecosystem means that, with a modest commitment, you can go from writing your first basic rules to building sophisticated suites capable of tracking complex campaigns and detecting never-before-seen threats. And by combining YARA with traditional antivirus, backup protection, and threat intelligence, you make life much harder for the malicious actors roaming the Internet.

Given all of the above, it is clear that YARA is much more than a command-line utility: it is a key piece of any advanced malware-detection strategy, a flexible tool that adapts to your way of thinking as an analyst, and a common language that connects laboratories, SOCs, and research communities worldwide, allowing each new rule to add another layer of defence against increasingly sophisticated campaigns.
