{"id":14350,"date":"2026-03-13T17:19:34","date_gmt":"2026-03-13T14:19:34","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14350"},"modified":"2026-03-13T17:19:34","modified_gmt":"2026-03-13T14:19:34","slug":"ktae-onprem-ida-pro-plugin","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/ktae-onprem-ida-pro-plugin\/14350\/","title":{"rendered":"Cloud-free malware attribution"},"content":{"rendered":"<p>In <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/practical-value-of-cyberthreat-attribution\/14248\/\" target=\"_blank\" rel=\"noopener\">a previous post<\/a>, we walked through a practical example of how threat attribution helps in incident investigations. We also introduced Kaspersky Threat Attribution Engine (KTAE), the tool we use to estimate which APT group a malware sample belongs to. To show how the tool works, we used our cloud-based <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/threat-intelligence-subscription?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_wpplaceholder_sm-team___kti____3efa0d2912edc528\" target=\"_blank\" rel=\"noopener\">Kaspersky Threat Intelligence Portal<\/a>, which provides access to KTAE as part of our comprehensive Threat Analysis service, together with a sandbox and a non-attributing similarity search tool. The advantages of a cloud service are obvious: customers don\u2019t have to invest in hardware, install anything, or manage any software. 
However, as our real-world experience shows, the cloud version of the attribution tool isn\u2019t suitable for everyone\u2026<\/p>\n<p>First, some organizations are subject to regulatory restrictions that strictly prohibit any data from leaving their internal perimeter. For security analysts at these companies, uploading files to a third-party service is out of the question. Second, some companies employ hardcore threat hunters who need a more flexible toolkit. That toolkit lets them work with their own proprietary research alongside Kaspersky Threat Intelligence. That\u2019s why KTAE is offered in two forms: a cloud-based version and an on-premises deployment.<\/p>\n<h2>What are the advantages of on-premises KTAE over the cloud version?<\/h2>\n<p>First of all, the local version of KTAE keeps the investigation fully confidential. All analysis is performed inside the organization\u2019s internal network. The threat intelligence source is a database deployed within the company perimeter; it is populated with the unique indicators and attribution data of every malicious sample known to our experts, and it also contains characteristics of legitimate files in order to exclude false positives. 
The database is updated regularly, but it works one way only; no information leaves the customer\u2019s network.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171149\/ktae-onprem-ida-pro-plugin-onprem.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-14354 aligncenter size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171149\/ktae-onprem-ida-pro-plugin-onprem.png\" alt=\"\" width=\"1460\" height=\"738\"><\/a><\/p>\n<p>In addition, the on-premises version of KTAE lets experts add new threat groups to the database and link them to malware samples they have discovered themselves. This means that when new files are attributed later, the data added by internal researchers is taken into account, which allows experts to catalog their own unique malware clusters, work with them, and detect similarities.<\/p>\n<p>Here is another handy expert tool: our team has developed <a href=\"https:\/\/github.com\/KasperskyLab\/ktae-ida-plugin\" target=\"_blank\" rel=\"noopener nofollow\">a free plugin for IDA Pro, a popular disassembler<\/a>, for use with the local version of KTAE.<\/p>\n<h2><a name=\"_Toc256000015\"><\/a>What is the purpose of an attribution plugin for a disassembler?<\/h2>\n<p>For a SOC analyst doing alert triage, attributing a malicious file found in the infrastructure is fairly simple: upload the file to KTAE (cloud or on-premises) and get a verdict such as <em>Manuscrypt (83%)<\/em>. 
That is enough to take adequate measures against that group\u2019s known toolset and to assess the overall situation. A threat hunter, however, may not want to take this verdict at face value. Alternatively, they may ask: \u201cWhich code fragments are unique across all the malware samples used by this group?\u201d This is where an attribution plugin for a disassembler comes in handy.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171215\/ktae-onprem-ida-pro-plugin-ida-pro-interface.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-14355 aligncenter size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171215\/ktae-onprem-ida-pro-plugin-ida-pro-interface.jpg\" alt=\"\" width=\"1460\" height=\"780\"><\/a><\/p>\n<p>In the IDA Pro interface, the plugin highlights the specific disassembled code fragments that trigger the attribution algorithm. This not only enables a deeper, expert-level examination of new malware samples, but also helps researchers refine attribution rules on the fly. 
As a result, the algorithm and KTAE itself keep evolving, improving the accuracy of attribution with every run.<\/p>\n<h2><a name=\"_Toc256000016\"><\/a>How do you install the plugin?<\/h2>\n<p>The plugin is a script written in Python. To run it, you need IDA Pro. Unfortunately, it will not work in IDA Free, because that edition does not support Python plugins. If Python is not installed yet, you need to download it, install the dependencies (check the requirements file in <a href=\"https:\/\/github.com\/KasperskyLab\/ktae-ida-plugin\/blob\/master\/requirements.txt\" target=\"_blank\" rel=\"noopener nofollow\">our GitHub repository<\/a>), and make sure the IDA Pro environment variables point to the Python libraries.<\/p>\n<p>Next, you need to insert the URL of your local KTAE instance into the body of the script and provide your API token (available commercially), just as in the example script <a href=\"https:\/\/support.kaspersky.com\/ktae\/2.3\/242922\" target=\"_blank\" rel=\"noopener\">described in the KTAE documentation<\/a>.<\/p>\n<p>Then you can drop the script into the IDA Pro plugins folder and launch the disassembler. 
If you have done everything correctly, after loading and disassembling a sample you will see the option to launch the <em>Kaspersky Threat Attribution Engine (KTAE)<\/em> plugin in the <em>Edit<\/em> \u2192 <em>Plugins<\/em> menu:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171347\/ktae-onprem-ida-pro-plugin-ida-pro-plugin.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-14356 aligncenter size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2026\/03\/13171347\/ktae-onprem-ida-pro-plugin-ida-pro-plugin.jpg\" alt=\"\" width=\"1460\" height=\"803\"><\/a><\/p>\n<h2><a name=\"_Toc256000017\"><\/a>How do you use the plugin?<\/h2>\n<p>When the plugin is loaded, the following happens behind the scenes: the file currently loaded in IDA Pro is sent through the API to the locally installed KTAE service at the URL configured in the script. The service analyzes the file, and the analysis results are sent straight back to IDA Pro.<\/p>\n<p>On a local network, the script usually finishes its work within a few seconds (the time depends on the connection to the KTAE server and the size of the file being analyzed). Once the plugin has finished, the researcher can start examining the highlighted code fragments. Double-clicking takes you directly to the relevant section in the assembly or binary code (Hex view) for analysis. 
These additional data points make it easier to spot shared code blocks and to track changes in a malware toolset.<\/p>\n<div style=\"background-color: #e5f0ec; padding: 10px 25px; margin-bottom: 10px;\"> By the way, this is not the only IDA Pro plugin the GReAT team has developed to make threat hunters\u2019 work easier. We also have <a href=\"https:\/\/github.com\/KasperskyLab\/hrtng\" target=\"_blank\" rel=\"noopener nofollow\">another IDA plugin<\/a> that significantly speeds up and simplifies the reverse engineering process. That plugin was the winner of the <a href=\"https:\/\/hex-rays.com\/plugin-contest\/2024\" target=\"_blank\" rel=\"noopener nofollow\">IDA Plugin Contest 2024<\/a>. <\/div>\n<p>To learn more about Kaspersky Threat Attribution Engine and how it is used, see the <a href=\"https:\/\/img.kaspersky.com\/oh\/KTAE\/2.3\/en-US\/OnlineHelp-en-US.pdf\" target=\"_blank\" rel=\"noopener nofollow\">official product documentation<\/a>. 
To arrange a demonstration or a pilot project, please fill in <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/threat-intelligence-subscription?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_wpplaceholder_sm-team___kti____3efa0d2912edc528\" target=\"_blank\" rel=\"noopener\">the form on the Kaspersky website<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\"><input type=\"hidden\" class=\"placeholder_for_banner\" data-cat_id=\"mdr\" value=\"14231\">\n","protected":false},"excerpt":{"rendered":"<p>What is the purpose of the local version of Kaspersky Threat Attribution Engine, and how does it connect to IDA Pro?<\/p>\n","protected":false},"author":2792,"featured_media":14351,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2753,1109,1935],"class_list":{"0":"post-14350","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-hizmetler","10":"tag-saldirilar","11":"tag-tehdit-istihbarati"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/ktae-onprem-ida-pro-plugin\/14350\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ktae-onprem-ida-pro-plugin\/30234\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ktae-onprem-ida-pro-plugin\/25311\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/ktae-onprem-ida-pro-plugin\/13251\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ktae-onprem-ida-pro-plugin\/30107\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ktae-onprem-ida-pro-plugin\/31905\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ktae-onprem-ida-pro-plugin\/30515\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ktae-onprem
-ida-pro-plugin\/41387\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ktae-onprem-ida-pro-plugin\/55350\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/ktae-onprem-ida-pro-plugin\/23694\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ktae-onprem-ida-pro-plugin\/24797\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ktae-onprem-ida-pro-plugin\/33302\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ktae-onprem-ida-pro-plugin\/30346\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ktae-onprem-ida-pro-plugin\/35991\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ktae-onprem-ida-pro-plugin\/35648\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tehdit-istihbarati\/","name":"tehdit istihbarat\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2792"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14350"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14350\/revisions"}],"predecessor-version":[{"id":14353,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14350\/revisions\/14353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14351"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=143
50"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}