KLara advanced threat hunting tool is available to everyone


Kaspersky Lab researchers have released their KLara security software as open source, making it available to everyone. KLara, created by Kaspersky Lab researchers to speed up their internal search for malware samples related to advanced threats, is a distributed, rule-based malware scanning tool that can run multiple rules against multiple databases simultaneously, allowing researchers to hunt down advanced threats more effectively.


Detecting malware samples related to advanced threats is an essential part of cyber-threat research. It helps researchers track threats over time and protect users from the full scope of cyber sabotage.

Many researchers rely on rules created using the YARA security tool, which helps them identify malware related to advanced threats by looking at specific properties or patterns.

YARA rules are used to track the actors behind advanced threats whose operations are based on fileless malware, on the use of legitimate tools, or on malicious code adapted to carry out attacks with special characteristics or against specific victims. However, creating and testing YARA rules can be a time-consuming process.

To address this problem, Kaspersky Lab researchers created KLara as a distributed system that can run fast YARA searches involving multiple rules and multiple sample sets, including researchers' own malware collections.

This allows samples related to advanced threats to be identified more quickly, resulting in faster protection for users. The team has now released the KLara tool as open source, where it is available to all.

"The detection of cyber threats requires tools and systems that can catch malware effectively, especially when tracking targeted threat campaigns developed over months or even years of activity," said Dan Demeter, a security researcher at Kaspersky Lab and one of the creators of the KLara tool.

"We have created the KLara tool to help us improve and accelerate threats, and now we want to share it with the e-security community so everyone can take advantage of its benefits," said Demeter.

The KLara tool is available through Kaspersky Lab's official GitHub account, and more technical and API details can be found on the Securelist page. The software is released as open source under the GNU General Public License v3.0 and is provided without any warranty from the developers.

Kaspersky Lab's GitHub account also contains another tool that the company's experts and researchers developed and made available to all in 2017: BitScout, developed by principal security researcher Vitaly Kamluk to remotely collect forensic data, such as malware samples, without exposing it to the risk of contamination or loss.
