Wednesday, February 22, 2017

We took note of this article over on the NVISO Labs blog that basically starts off like this:

Did you know the open-source anti-virus ClamAV supports YARA rules? What benefits can this bring to us? One of the important features ClamAV has is the file decomposition capability. Say that the file you want to analyze resides in an archive, or is a packed executable, then ClamAV will unarchive/unpack the file, and run the YARA engine on it.

A lot of people actually don't know this.  But NVISIO wrote a great article on it and is definitely worth the read if you are interested in doing some hunting with Yara content with ClamAV.

Friday, February 10, 2017

Yesterday, several articles came out through various publications regarding a piece of malware named "MacDownloader".  It appears to be specifically targeting the Defense Industry. Several other research firms attribute the malware to Iranian attackers.

For more information we are publishing links to several blogs below:

https://blog.malwarebytes.com/threat-analysis/2017/02/macdownloader-malware-targeting-defense-industry/
http://www.csoonline.com/article/3167249/security/mac-malware-possibly-made-in-iran-targets-us-defense-industry.html

and finally the original blog:

https://iranthreats.github.io/resources/macdownloader-macos-malware/

Our ClamAV auto detection scripts have published detection for this already:

Osx.Downloader.MacDownloader-5781857-0

Please ensure you are scanning your machines regularly!