Malware:ITX8060:2015:LAB3

Revision as of 20 November 2015, 00:13 by Toomas

Create a YARA rule that takes your student code as a parameter and finds a file from www.tud.ttu.ee/im/Toomas.Lepik/Malware/malware.zip

Arrange the files in the zip file alphabetically, assign each a number starting from

 Take mod 98 from your student code.
 Create a YARA rule that would find the file that has the same number as the mod 98 from your student code.
 Make similar YARA rules for at least two malware samples from https://courses.cs.ttu.ee/pages/Malware:ITX8060:2015:LAB2

The YARA rule should NOT be based on:

  • file name
  • hash of the file
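
One way to prepare such a rule, as an added example that is not part of the original assignment: the script numbers the archive members alphabetically, picks the one matching the student code mod 98, and keeps only strings that occur in that file and in no other member, so the rule rests on content rather than name or hash. Assumptions: the student code is used as an integer, numbering starts at `first_number` (the page does not give the starting value), and the in-memory archive and its file contents are constructed sample data.

```python
import io
import re
import zipfile

MODULUS = 98  # from the assignment text

def pick_member(zf, student_code, first_number=0):
    """Name of the file whose alphabetical number equals student_code mod 98.
    first_number is an assumption: the page does not say where numbering starts."""
    names = sorted(n for n in zf.namelist() if not n.endswith("/"))
    index = student_code % MODULUS - first_number
    if not 0 <= index < len(names):
        raise IndexError(f"archive has no file number {student_code % MODULUS}")
    return names[index]

def ascii_strings(data, min_len=6):
    """Printable ASCII runs of at least min_len bytes."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data))

def unique_strings(zf, target, min_len=6):
    """Strings found in the target file and in no other archive member."""
    found = ascii_strings(zf.read(target), min_len)
    for name in zf.namelist():
        if name != target and not name.endswith("/"):
            found -= ascii_strings(zf.read(name), min_len)
    return sorted(found)

def yara_rule(strings, number, rule_name="lab3_target"):
    """Render a content-based rule; student_code is an external integer variable."""
    if not strings:
        raise ValueError("no unique strings; lower min_len or use byte patterns")
    esc = lambda s: s.decode("ascii").replace("\\", "\\\\").replace('"', '\\"')
    defs = "\n".join(f'        $s{i} = "{esc(s)}"' for i, s in enumerate(strings))
    cond = f"student_code % {MODULUS} == {number} and all of them"
    return f"rule {rule_name}\n{{\n    strings:\n{defs}\n    condition:\n        {cond}\n}}\n"

def build_sample_zip():
    """Constructed stand-in for malware.zip: three harmless files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("charlie.bin", b"\x00\x01shared-header\x00only-in-charlie-7731\x00")
        zf.writestr("alpha.bin", b"\x00shared-header\x00only-in-alpha-1842\x00")
        zf.writestr("bravo.bin", b"shared-header\x00\x02only-in-bravo-5506\x00")
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))

if __name__ == "__main__":
    zf = build_sample_zip()
    name = pick_member(zf, 99)  # 99 is a constructed student code
    print(yara_rule(unique_strings(zf, name), 99 % MODULUS))
```

The generated rule is scanned with the student code supplied on the command line, for example `yara -d student_code=99 rule.yar <directory>`.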