Internet Storm Center

News Feeds (RSS) Internet Storm Center

Tue, 20 Feb 2018 22:21:42 -0700

ISC Stormcast For Wednesday, February 21st 2018 https://isc.sans.edu/podcastdetail.html?id=5879

Wed, 21 Feb 2018 03:40:08 -0700

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Tue, 20 Feb 2018 17:30:49 -0700

After going through an almost endless amount of encoded droppers and loader scripts while analyzing a Brazilian banker, I finally managed to reach the actual payload, an interestingly packed/encrypted banking malware. How I statically unpacked this payload is the subject of today's diary and I hope it will help you in your future analysis.

Tue, 20 Feb 2018 03:20:07 -0700


Mon, 19 Feb 2018 21:58:25 -0700

Xavier wrote a diary entry about an interesting malware sample: MSI files.

Mon, 19 Feb 2018 03:45:07 -0700


Sun, 18 Feb 2018 21:58:41 -0700

Last week I researched how to detect signed VBA code in Word .doc files.

Sat, 17 Feb 2018 09:06:35 -0700

For some days, I collected a few samples of malicious MSI files. MSI files are Windows installer files that users can execute to install software on a Microsoft Windows system. Of course, you can replace “software” with “malware”. MSI files look less suspicious and they could bypass simple filters based on file extensions like “(com|exe|dll|js|vbs|…)”. They also look less dangerous because they are Composite Document Files:

Fri, 16 Feb 2018 03:35:06 -0700


Thu, 15 Feb 2018 04:25:07 -0700


Wed, 14 Feb 2018 00:00:13 -0700
