PDFiD.py Output to JSON
I want to store as much data as possible about this malware being collected, and I realized that a database would be the best idea in storing the data. One of the things I was playing around with in my...
New CVE to the List of Malware
Today I went through and ran the newly collected malware I found through a couple scanners. For the most part all the vulnerabilities exploited seemed to match with the existing samples I already had....
Complete Malware Sample Dump in MongoDB (50 malicious PDF objects)
Since releasing the malpdfobj tool (~24 hours), I have been running and testing it. I found a couple bugs that caused issues when inserting some samples into the database, but those are all now fixed...
Malicious PDF Files do not Appear to Share Objects
I wanted to wait on releasing this until I made some more queries, but that may take a few days, so here it is now. The night I got all my malicious files into my MongoDB instance I started to query....
Updates, Reflections and More Plans
In my last post I mentioned that I wanted to put together an API for my malpdfobj tool, so sharing could be easier. The good news is that I have the RESTful API functioning complete with interactive...
Visualizing Malicious PDF Entropy
A couple months back I remember reading a post from Symantec about visualizing entropy to identify infected Microsoft documents. At the time it didn’t really dawn upon me to visualize the PDF samples I...
Malicious PDF Payloads: Size really does matter
Back when I was looking at averages of information collected across random/malicious documents, I noted that filesize seemed to be a helper in narrowing down whether or not a file could be suspicious...
100,000K+ Potential PDF Static Signatures and Output
When I mention mapreduce I typically get a blank stare in return and even more so when I talk about it with malware. I think raw data tends to speak much louder than theories or whitepapers, so...
Released Malware Statistics and Scoring Tests
Before I get to the interesting news, I wanted to point out that I released the Malware database snapshot. This is essentially the same thing as the random dataset, but the content is derived from...
VirusTotal Old Format to Proposed Format Script
I updated my last post with the response I got from VirusTotal. The short answer was that I needed to basically roll my own translation from the old format to my proposed format. Being that I want to...