Tuesday, February 26, 2013

Yara Scanning added to command line tools

We've pushed out updates to PDFExaminer and Cryptam command line versions tonight that include Yara scanning capability, unlike running the standard Yara tool, using our Yara plugin in PDFExaminer and Cryptam allow you to look deeper inside document files.


PDFExaminer CLI - Yara Related Features

  • Run Yara signatures against decoded streams such as FlateDecode, AsciiHex85, CCITTFaxDecode, and many more.
  • Run Yara signatures against decrypted streams of RC4/AES encrypted PDFs
  • Run Yara signatures against decrypted parameter strings.

Cryptam CLI - Yara Related Features

  • Run Yara signatures against all the subfiles of OpenXML format documents such as docx, xlsx, pptx.
  • Run Yara signatures against decoded RTF datastreams
  • Run Yara signatures against automatically decrypted embedded executables and dropped clean documents.
Automate your triage of incoming targeted APT attacks.  Scan a malware RTF file, extract the executables, and identify the implant or intrusion set TTP with your own Yara signatures all in one step.

More Yara integration to follow on our web-based version too. More info on Yara here.

No comments:

Post a Comment