YARA framework | WriteDemy

Question Description

Take an in-depth look at the YARA framework in order to understand how to create a quality signature that can be used to detect malicious files associated with an alleged Iranian threat group known as "Leafminer."

More information on YARA can be found via the following webpage: https://blog.malwarebytes.com/security-world/technology/2017/09/explained-yara-rules/

Requirements:

1) In 1-2 paragraphs, please describe what the YARA framework is and why it has been widely adopted by cyber threat intelligence analysts in order to identify malware associated with bad actors.

2) In 1-2 paragraphs, please provide a brief overview of the Leafminer threat group based upon information contained in the following article: https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east

3) Using VirusTotal, please search for the following file hash: 1232366c104bdb6e42b04adb7eff4e08

  • Please analyze this sample (using both VT and the metadata in the attached text file) and write a YARA signature that contains unique strings and is likely to produce true positive results for threat hunting activities
  • Here's an example of a rule template you can use when writing your rule:
    • rule Leafminer {
          strings:
              $s1 = "Sorgu.exe" wide ascii
              $s2 = "https://iqhost.us:3389/" wide ascii
          condition:
              any of them
      }
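
What the template's `wide ascii` modifiers and `any of them` condition mean at the byte level, as an added Python example that is not part of the original assignment. It emulates plain text-string matching only, not the YARA engine; the function names are hypothetical and the buffers are constructed, not real samples.

```python
# Added example: emulates how the template's two strings are searched.
TEMPLATE_STRINGS = {
    "$s1": "Sorgu.exe",
    "$s2": "https://iqhost.us:3389/",
}

def encodings(text):
    """Byte patterns searched for a text string declared `wide ascii`."""
    return {
        "ascii": text.encode("ascii"),
        # `wide`: every character followed by a zero byte (UTF-16LE for ASCII text)
        "wide": text.encode("utf-16-le"),
    }

def scan(data):
    """Return {identifier: [(encoding, offset), ...]} for every hit in data."""
    hits = {}
    for ident, text in TEMPLATE_STRINGS.items():
        for enc, pattern in encodings(text).items():
            start = data.find(pattern)
            while start != -1:
                hits.setdefault(ident, []).append((enc, start))
                start = data.find(pattern, start + 1)
    return hits

def any_of_them(data):
    """The template's condition: a single string hit is enough to fire."""
    return bool(scan(data))

def all_of_them(data):
    """A stricter condition: every declared string must be present."""
    return set(scan(data)) == set(TEMPLATE_STRINGS)

# Constructed buffers (not real samples).
ASCII_ONLY = b"MZ\x90\x00....Sorgu.exe\x00...."
WIDE_ONLY = b"\x00\x01" + "Sorgu.exe".encode("utf-16-le") + b"\x00\x00"
BOTH = ASCII_ONLY + b"https://iqhost.us:3389/"
BENIGN = b"Sorgu.ex_ https://iqhost.us:338"

if __name__ == "__main__":
    for name, buf in [("ASCII_ONLY", ASCII_ONLY), ("WIDE_ONLY", WIDE_ONLY),
                      ("BOTH", BOTH), ("BENIGN", BENIGN)]:
        print(name, scan(buf), "any:", any_of_them(buf), "all:", all_of_them(buf))
```

With `any of them`, a file that contains only the short file name already matches, which is why the choice of strings and condition decides how many hits are true positives.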

You are encouraged to perform additional open source research on the topics of YARA and Leafminer as necessary to support your submission. Please provide a list of all external sources (URLs are sufficient) on the last page of your report.
