[SANS ISC] Infostealer in a Batch File

I published the following diary on isc.sans.edu: “Infostealer in a Batch File”: It’s pretty common to see malicious content delivered as email attachments. Every day, my mailboxes are flooded with malicious content… which is great from a research point of view. Am I the only one to be happy when I see

The post [SANS ISC] Infostealer in a Batch File appeared first on /dev/random.

[SANS ISC] Ukraine & Russia Situation From a Domain Names Perspective

I published the following diary on isc.sans.edu: “Ukraine & Russia Situation From a Domain Names Perspective”: For a few days, the eyes of the world have been on the situation between Russia and Ukraine. Today, operations are also organized in the “cyber” dimension (besides the classic ones – land, air, sea,

[SANS ISC] A Good Old Equation Editor Vulnerability Delivering Malware

I published the following diary on isc.sans.edu: “A Good Old Equation Editor Vulnerability Delivering Malware”: Here is another sample demonstrating how attackers still rely on good old vulnerabilities… In 2017, Microsoft Office suffered from a critical vulnerability that affected its Equation Editor tool, known as CVE-2017-11882. It’s a memory corruption

[SANS ISC] Remcos RAT Delivered Through Double Compressed Archive

I published the following diary on isc.sans.edu: “Remcos RAT Delivered Through Double Compressed Archive”: One of our readers shared an interesting sample received via email. Like him, if you get access to interesting/suspicious data, please share it with us (if you’re authorized of course). We are always looking for fresh

[SANS ISC] Who Are Those Bots?

I published the following diary on isc.sans.edu: “Who Are Those Bots?”: I’m operating a mail server for multiple domains. This server is regularly targeted by bots that launch brute-force attacks to try to steal credentials. They try a list of common usernames but they also try targeted ones based on

[SANS ISC] CinaRAT Delivered Through HTML ID Attributes

I published the following diary on isc.sans.edu: “CinaRAT Delivered Through HTML ID Attributes”: A few days ago, I wrote a diary about a malicious ISO file being dropped via a simple HTML file. I found another sample that again drops a malicious ISO file but this time, it is much

[SANS ISC] Obscure Wininet.dll Feature?

I published the following diary on isc.sans.edu: “Obscure Wininet.dll Feature?”: The Internet Storm Center relies on a group of Handlers who are volunteers and offer some free time to the community besides our daily job. Sometimes, we share information between us about an incident or a problem that we are facing and

[SANS ISC] RedLine Stealer Delivered Through FTP

I published the following diary on isc.sans.edu: “RedLine Stealer Delivered Through FTP”: Here is a piece of malicious Python script that injects a RedLine stealer into its own process. Process injection is a common attacker’s technique these days (for a long time already). The difference, in this case, is that

[SANS ISC] Custom Python RAT Builder

I published the following diary on isc.sans.edu: “Custom Python RAT Builder”: This week I already wrote a diary about “code reuse” in the malware landscape but attackers also have plenty of tools to generate new samples on the fly. When you receive a malicious Word document, it has not been

[SANS ISC] Malicious Python Script Targeting Chinese People

I published the following diary on isc.sans.edu: “Malicious Python Script Targeting Chinese People”: This week I found a lot of interesting scripts as this is my fourth diary in a row! I spotted a Python script that targets Chinese people. The script has a very low VT score (2/56) (SHA256:aaec7f4829445c89237694a654a731ee5a52fae9486b1d2bce5767d1ec30c7fb).