Wednesday, February 25, 2015

What to do with MD5 checksums of files provided as an Indicator of Compromise?

I spotted this blog article over on thepcn3rd blog, with a really simple blog article on how to generate ClamAV detection quickly given an md5 for a malicious file.

As I have researched malware and the indicators of compromise an MD5 checksum of the files are provided so that you can detect them in your environment. I am not sure about your anti-virus but I am not able to plug-in an MD5 and have it search for them across the enterprise as it does it's scan.
The blog highlights a great point about ClamAV and Open Source, the ability to generate your own detection!

Take a look at the blog here.