Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs
JPCERT reported a new type of maldoc: “MalDoc in PDF – Detection bypass by embedding a malicious Word file into a PDF file –“. These maldocs are PDF files that embed a Word document (ActiveMime) in...
Quickpost: PDF/ActiveMime Maldocs YARA Rule
Here is a YARA rule I developed to detect PDF/ActiveMime maldocs I wrote about in “Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs“. It looks for files that start with %PDF- (this header can be...