[SANS ISC] From Python to .Net

I published the following diary on isc.sans.edu: “From Python to .Net”: The Microsoft operating system provides the .Net framework to developers. It allows developers to fully interact with the OS and write powerful applications… but also malicious ones. In a previous diary, I talked about a malicious Python script that interacted with the

The post [SANS ISC] From Python to .Net appeared first on /dev/random.


[SANS ISC] Malicious PowerPoint Add-On: “Small Is Beautiful”

I published the following diary on isc.sans.edu: “Malicious PowerPoint Add-On: ‘Small Is Beautiful’”: Yesterday I spotted a DHL-branded phishing campaign that used a PowerPoint file to compromise the victim. The malicious attachment is a PowerPoint add-in. This technique is not new; I already analyzed such a sample in a previous


[SANS ISC] How Safe Are Your Docker Images?

I published the following diary on isc.sans.edu: “How Safe Are Your Docker Images?”: Today, I don’t know any organization that is not using Docker. For test and development only, or for full production systems, containers are deployed everywhere! In the same way, most popular tools today have a


[SANS ISC] HTTPS Support for All Internal Services

I published the following diary on isc.sans.edu: “HTTPS Support for All Internal Services”: SSL/TLS has been on stage for a while with deprecated protocols and free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications, and this is good! Like Johannes explained yesterday, Chrome


[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy”: For a while, I’ve been keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default


[SANS ISC] Simple Powershell Ransomware Creating a 7Z Archive of your Files

I published the following diary on isc.sans.edu: “Simple Powershell Ransomware Creating a 7Z Archive of your Files”: If some ransomware families are based on PE files with complex features, it’s easy to write quick-and-dirty ransomware in other languages like Powershell. I found this sample while hunting. I’m pretty confident that this


[SANS ISC] C2 Activity: Sandboxes or Real Victims?

I published the following diary on isc.sans.edu: “C2 Activity: Sandboxes or Real Victims?”: In my last diary, I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the


[SANS ISC] Quick Analysis of a Modular InfoStealer

I published the following diary on isc.sans.edu: “Quick Analysis of a Modular InfoStealer”: This morning, an interesting phishing email landed in my spam trap. The mail was written in Spanish and, as usual, asked the recipient to urgently process the attached document. The filename was “AVISO.001” (this extension is used by multi-volume


[SANS ISC] Jumping into Shellcode

I published the following diary on isc.sans.edu: “Jumping into Shellcode”: Malware analysis is exciting because you never know what you will find. In previous diaries, I already explained why it’s important to have a look at groups of interesting Windows API calls to detect some behaviors. The classic example is code


[SANS ISC] Pastebin.com Used As a Simple C2 Channel

I published the following diary on isc.sans.edu: “Pastebin.com Used As a Simple C2 Channel”: With the growing threat of ransomware attacks, there are other malicious activities that get less attention today but remain active. Think about crypto-miners. Yes, attackers continue to mine Monero on compromised systems. I spotted an interesting
