• Stars
    star
    689
  • Rank 65,628 (Top 2 %)
  • Language
    PHP
  • License
    Other
  • Created over 6 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Kaspersky's GReAT KLara

GReAT's KLara project

KLara project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara.

In order to hunt efficiently for malware, one needs a large collection of samples to search over. Researchers usually need to fire a Yara rule over a collection / set of malicious files and then get the results back. In some cases, the rule needs adjusting. Unfortunately, scanning a large collection of files takes time. Instead, if a custom architecture is used, scanning 10TB of files can take around 30 minutes.

KLara, a distributed system written in Python, allows researchers to scan one or more Yara rules over collections with samples, getting notifications by e-mail as well as the web interface when scan results are ready.

Features

  • Modern web interface, allowing researchers to "fire and forget" their rules, getting back results by e-mail / API
  • Powerful API, allowing for automatic Yara jobs submissions, checking their status and getting back results. API Documentation will be released soon.
  • Distributed system, running on commodity hardware, easy to deploy and implement.

Architecture

KLara leverages Yara's power, distributing scans using a dispatcher-worker model. Each worker server connects to a dispatcher trying to check if new jobs are available. If a new job is indeed available, it checks to see if the required scan repository is available on its own filesystem and, if it is, it will start the Yara scan with the rules submitted by the researcher

The main issue KLara tries to solve is running Yara jobs over a large collection of malware samples ( > 1TB) in a reasonable amount of time.

Installing KLara

Please refer to instructions outlined here

======

If you have any issues with installing this software, please submit a bug report

Contributing and reporting issues

Anyone is welcome to contribute. Please submit a PR and our team will review it.

You can get in touch with us on our Telegram channel: #KLara

The best way to submit bugs or issues is using Github's Issues feature.

Credits

KLara team would like to thank

  • Costin, Marco, Vitaly, Sergey
  • Current, former and future GReAT members!
  • Alex@grep
  • All contributors

for their amazing input and ideas. Happy hunting!

More Repositories

1

TinyCheck

TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.
Python
3,077
star
2

Kaspresso

Android UI test framework
Kotlin
1,789
star
3

triangle_check

Python
509
star
4

iShutdown

Python
389
star
5

AdbServer

Adb Server for Espresso tests
Kotlin
119
star
6

ForensicsTools

Tools for DFIR
C++
117
star
7

VBscriptInternals

Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis
Python
84
star
8

Apihashes

IDA Pro plugin for recognizing known hashes of API function names
Python
81
star
9

hrtng

C++
71
star
10

ActionScript3

Tools for static and dynamic analysis of ActionScript3 SWF files.
Python
45
star
11

BuildMigrator

C
34
star
12

uif

Integration Platform to build UI and Web Services
TypeScript
33
star
13

WinDbg-JS-Scripts

JavaScript
32
star
14

xtraining-re101

Code snippets for Reverse engineering training for xtraining platform
C
30
star
15

bitscout

Shell
20
star
16

OpenTIP-scanner

Open-source file scanner that sends requests and optionally uploads files to OpenTIP.kaspersky.com.
Python
17
star
17

Articles

C++
16
star
18

SafeBoard

Repository for general info and code samples for test tasks used in SafeBoard Hackatons in Kaspersky Lab.
C++
15
star
19

klogga

Opinionated logging-audit-tracing library. Data collected via klogga can be configured to be exported to different sources, including traditional text logs, but with emphasis on structured storages, primarily time-series databases and Open Telemetry.
Go
12
star
20

hb_dec

C
11
star
21

threat-intelligence

A repository dedicated to deliver a comprehensive set of tools for integration and convenient use of Kaspersky Threat Intelligence services
Python
9
star
22

grpc-kos

Shared C [core library], C++, Ruby, Python, PHP, C# (core library based), Objective-C
C++
4
star
23

RAM

Framework to manage the product state and configuration
Python
4
star
24

protobuf-kos

Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data.
C++
3
star
25

abseil-cpp-kos

Abseil is an open source collection of C++ libraries drawn from the most fundamental pieces of Google’s internal codebase.
C++
2
star
26

c-ares-kos

c-ares is a C library for asynchronous DNS requests (including name resolves)
C++
1
star
27

boringssl-kos

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
C++
1
star