#maldoc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #maldoc, aggregated by home.social.
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:
1. extract_text_from_pdfs() - brute force extract all text from a PDF, including doing an #OCR extraction of any embedded images
2. extract_pdf_pages() - rip a page range from a #PDF and write them to a new one
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of how byzantine the PDF format is: https://x.com/VikParuchuri/status/1965773078585344215#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFies
-
Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:
1. extract_text_from_pdfs() - brute force extract all text from a PDF, including doing an #OCR extraction of any embedded images
2. extract_pdf_pages() - rip a page range from a #PDF and write them to a new one
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of how byzantine the PDF format is: https://x.com/VikParuchuri/status/1965773078585344215#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFies
-
Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:
1. extract_text_from_pdfs() - brute force extract all text from a PDF, including doing an #OCR extraction of any embedded images
2. extract_pdf_pages() - rip a page range from a #PDF and write them to a new one
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of how byzantine the PDF format is: https://x.com/VikParuchuri/status/1965773078585344215#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFies
-
Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:
1. extract_text_from_pdfs() - brute force extract all text from a PDF, including doing an #OCR extraction of any embedded images
2. extract_pdf_pages() - rip a page range from a #PDF and write them to a new one
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of how byzantine the PDF format is: https://x.com/VikParuchuri/status/1965773078585344215#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFies
-
Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:
1. extract_text_from_pdfs() - brute force extract all text from a PDF, including doing an #OCR extraction of any embedded images
2. extract_pdf_pages() - rip a page range from a #PDF and write them to a new one
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of how byzantine the PDF format is: https://x.com/VikParuchuri/status/1965773078585344215#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFies
-
Just published version 1.16.6 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant encounter with such a creature. Includes a (kind of janky) #YARA rule for #GIFTEDCROOK infostealer PDFs.
* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule
-
@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature
https://github.com/michelcrypt4d4mus/pdfalyzer
#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc
-
@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature
https://github.com/michelcrypt4d4mus/pdfalyzer
#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc
-
@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature
https://github.com/michelcrypt4d4mus/pdfalyzer
#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc
-
@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature
https://github.com/michelcrypt4d4mus/pdfalyzer
#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc
-
@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature
https://github.com/michelcrypt4d4mus/pdfalyzer
#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc
-
The embedded Word document contains a VBS macro that is designed to download and install an MSI malware file if opened as a .DOC file in Microsoft Office.
#malware #cybersecurity #PDF #MalDoc
https://cybersec84.wordpress.com/2023/09/04/new-polyglot-maldoc-attack-in-pdf-evades-antivirus/
-
Beware of #MalDoc in #PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus ⚠️
https://thehackernews.com/2023/09/beware-of-maldoc-in-pdf-new-polyglot.html
-
#MalDoc in #PDF: Japanisches CERT warnt vor in PDFs versteckten #Malware-Dokumenten | Security https://www.heise.de/news/MalDoc-in-PDF-Japanisches-CERT-warnt-vor-versteckter-Malware-9288262.html
-
MalDoc in PDF attacks use a combination of Word and PDF files to spread malware https://tchlp.com/3Z2m1l2 #maldoc #pdf #word #malware
-
A Japanese agency managed to detect a ‘#MalDoc in PDF’ attack, involving #PDFs with embedded malicious #Word files that bypass detection by traditional PDF analysis tools.
#Japan #cybersecurity #infosec #malwarehttps://cybernews.com/news/jpcert-maldoc-malicious-pdf-attack/
-
Struggling with the wave of OneNote #phishing documents? Did you know you can block OneNote from launching an embedded file, which prevents the current wave of phishing docs.
#DFIR #CSIRT #MalDoc
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/ -
@SophosXOps All the #OneNote #maldoc documents in this case contain a static image that prompts the user to click a button in response to text that says "This document contains attachments from the cloud, to receive them, double click 'open.'"
When you open the document, it spawns an embedded HTML Application (eg., an .hta file) with an embedded, obfuscated script in the DIV tag. That script retrieves a Qakbot DLL payload from a website and executes the initial infection command. 5/6
-
@SophosXOps #Qakbot's threat actors typically use email messages as their initial attack vector, "injecting" a malicious email into the middle of existing conversational threads, replying to all parties with either a #maldoc attachment or a link to a #malware file.
They're the worst kind of "reply guy" 3/6
-
A malicious doc on the name of Colombian GOV spread as a fake lawsuit and enforced collection.
@dimitribest4a69b0a3796dd688d57e11658ac1058c <doc
9792c84f24e1492cc4d179523fdfcb9d < vbs
1e989e84f5967d84f40acabaad3395de < NjratIoCs:
hxxps://cdn.discordapp.com/attachments/1047544891632259145/1047971566543179936/2dode8002[.]vbshxxps://cdn.discordapp.com/attachments/1047543449777344516/1047971253056708729/2dode8002[.]txt
135d1da64932e6f858f7136f8c2b339f