YARA rules for detecting Palantir Gotham data federation

1 point | by OussamaAfnakkar | 2 months ago
I've been analyzing the architecture of the 2025 federal data consolidation (SSA/IRS/DHS) under Palantir Gotham. I couldn't find any public detection rules, so I wrote a set of YARA rules to identify these specific data structures and the entity resolution patterns.