@evacide seeing as how it seems like the Paragon attack was executed via maldoc PDFs i'll just mention i created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature

https://github.com/michelcrypt4d4mus/pdfalyzer

#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc

just pushed a new release of The Yaralyzer, my unexpectedly popular tool for visually inspecting the output of #YARA scans with a lot of colors. example output below. change is small: it can now use a directory full of YARA rules files without renaming them all to end in .yara.

https://github.com/michelcrypt4d4mus/yaralyzer

someone has packaged this tool for Kali Linux though I don't know if it's in the distro yet. also available for macOS homebrew via an installer someone made for The Pdfalyzer.

Thomas Roccia at #Microsoft was also kind enough to make The Yaralyzer available via a web interface: https://x.com/fr0gger_/status/1749690000478974283

#malware #infosec #cybersecurity #kali #KaliLinux #YARArules #malwaredetection #threathunting #reverseEngineering #malwareAnalysis #reversing #yaralyze #yaralyzer #pdfalyze #pdfalyzer #detectionengineering

https://github.com/michelcrypt4d4mus/pdfalyzer/issues/10 #yara #yararule #pdf #pdfalyzer