[SANS ISC] Malicious Code Can Be Anywhere

Today, I published the following diary on isc.sans.edu: “Malicious Code Can Be Anywhere”:

My Python hunting rules reported some interesting/suspicious files. The files are named with a “.ma” extension. Some of them have very low VT scores. For example, the one with a SHA256 dc16115d165a8692e6f3186afd28694ddf2efe7fd3e673bd90690f2ae7d59136 has a score of 15/59.

The “.ma” extension refers to animation projects created by Autodesk Maya, a 3D modeling and animation program. The files are typically ASCII files that describe the 3D scenes. I have absolutely zero knowledge of 3D software, but after some Google searches, it seems that Maya supports Python! Like the documentation says… [Read more]
