Real-Time Threat Monitoring Tool Using Sigma and YARA Rules

YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules

Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods.

To address this growing threat, JPCERT/CC has released YAMAGoya. This open-source threat hunting tool leverages industry-standard detection rules to identify suspicious activity in real time.

YAMAGoya combines Event Tracing for Windows (ETW) event monitoring with memory scanning, so the same tool covers both on-disk activity and indicators that exist only in process memory.

Open-Source Endpoint Detection Solution

Unlike conventional security tools that rely on proprietary detection engines, YAMAGoya directly supports Sigma and YARA rules, enabling security analysts to deploy community-driven detection logic across their infrastructure.

The tool operates entirely in userland, requiring no kernel driver installation, which simplifies deployment across organizational environments.

Its real-time monitoring capabilities track files, processes, registry modifications, DNS queries, network connections, PowerShell execution, and WMI commands simultaneously.

YAMAGoya startup screen

This comprehensive approach enables the detection of both traditional and fileless malware threats.

According to JPCERT/CC, YAMAGoya supports multiple rule formats, including Sigma rules, YARA rules for memory scanning, and custom YAML rules for correlation-based detection.

Security teams can write detection logic that correlates multiple events, such as a file creation followed by execution of that file, a DLL load, and a network connection from the resulting process, to identify malicious activity patterns that no single event would reveal.
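The following is an added example that sketches the correlation logic described above in plain Python; it is not YAMAGoya's code and does not use its YAML rule syntax. The event records are constructed, not real ETW output, and the rule (dropped file, executed, loads a DLL, then connects out, all within a 60-second window) is hypothetical.

```python
"""Correlation-based detection over a stream of endpoint events.

Added example, not YAMAGoya's code or its YAML rule syntax: the event records
are constructed here, not real ETW output, and the rule below is a
hypothetical one written to show the pattern the article describes (a file is
dropped, executed, loads a DLL and then talks to the network).
"""
from dataclasses import dataclass


@dataclass
class Event:
    ts: float        # seconds since some epoch
    kind: str        # FileCreate | ProcessStart | ImageLoad | NetConnect
    pid: int         # process the event belongs to
    path: str = ""   # file path (FileCreate), image path (ProcessStart/ImageLoad)
    dst: str = ""    # remote endpoint (NetConnect)


# Stages that must follow ProcessStart, in order, for the same pid.
SEQUENCE = ["ImageLoad", "NetConnect"]
WINDOW = 60.0  # seconds from the FileCreate to the final stage


def correlate(events, window=WINDOW):
    """Return one alert per process that completes the full chain.

    Chain: FileCreate(path) -> ProcessStart(image == path) -> ImageLoad
    -> NetConnect, all within `window` seconds of the FileCreate.
    """
    created = {}   # lowercased path -> ts of FileCreate
    chains = {}    # pid -> partial match state
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "FileCreate":
            created[ev.path.lower()] = ev.ts
            continue
        if ev.kind == "ProcessStart":
            t0 = created.get(ev.path.lower())
            if t0 is not None and ev.ts - t0 <= window:
                chains[ev.pid] = {
                    "t0": t0, "image": ev.path, "stage": 0,
                    "evidence": [("FileCreate", ev.path), ("ProcessStart", ev.path)],
                }
            continue
        state = chains.get(ev.pid)
        if state is None:
            continue
        if ev.ts - state["t0"] > window:
            del chains[ev.pid]      # too slow: drop the partial match
            continue
        if ev.kind != SEQUENCE[state["stage"]]:
            continue                # out-of-order event: ignore, keep waiting
        state["stage"] += 1
        state["evidence"].append((ev.kind, ev.path or ev.dst))
        if state["stage"] == len(SEQUENCE):
            alerts.append({"pid": ev.pid, "image": state["image"],
                           "evidence": state["evidence"]})
            del chains[ev.pid]
    return alerts


def sample_events():
    """Constructed event stream: one full chain, plus decoys that must not alert."""
    return [
        # dropper (pid 50) writes a binary, which is then run as pid 200
        Event(10.0, "FileCreate", 50, path=r"C:\Users\Public\update.exe"),
        Event(12.0, "ProcessStart", 200, path=r"C:\Users\Public\update.exe"),
        Event(13.0, "ImageLoad", 200, path=r"C:\Windows\System32\wininet.dll"),
        Event(15.0, "NetConnect", 200, dst="203.0.113.10:443"),
        # ordinary process start with no preceding FileCreate: no chain
        Event(11.0, "ProcessStart", 100, path=r"C:\Windows\System32\notepad.exe"),
        Event(14.0, "NetConnect", 100, dst="198.51.100.5:80"),
        # dropped and executed, but outside the window: no chain
        Event(0.0, "FileCreate", 50, path=r"C:\Temp\old.exe"),
        Event(200.0, "ProcessStart", 300, path=r"C:\Temp\old.exe"),
        # dropped and executed, loads a DLL, but never connects: no alert
        Event(20.0, "FileCreate", 50, path=r"C:\Temp\quiet.exe"),
        Event(21.0, "ProcessStart", 400, path=r"C:\Temp\quiet.exe"),
        Event(22.0, "ImageLoad", 400, path=r"C:\Windows\System32\kernel32.dll"),
    ]


if __name__ == "__main__":
    for alert in correlate(sample_events()):
        print(f"ALERT pid={alert['pid']} image={alert['image']}")
        for kind, detail in alert["evidence"]:
            print(f"  {kind}: {detail}")
```

Only the process that completes every stage in order produces an alert; the decoy events (a process with no preceding file drop, an execution long after the drop, and a dropped binary that never connects out) are tracked but never reach the final stage. A real rule would also key the DLL-load stage on specific library names and bound the number of partial chains held in memory.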

The tool is available for immediate evaluation through pre-built binaries on GitHub, with source code available for organizations requiring custom builds.

YAMAGoya operates via both graphical and command-line interfaces, accommodating different operational preferences.

YAMAGoya's Alert tab

Users can run Sigma rule monitoring or memory scanning with simple commands, provided they have administrative privileges.

Detection alerts appear in the tool's interface and are also written to the Windows Event Log with specific event IDs, so they can be collected by security information and event management (SIEM) systems.

This enables centralized monitoring and alerting across enterprise environments. By supporting industry-standard detection rules, YAMAGoya democratizes advanced threat detection capabilities.

Researchers and incident responders can leverage community-developed Sigma and YARA rules without vendor lock-in, strengthening the collective defense posture against emerging threats.
