News

Malicious VBA Office Document Without Source Code, (Tue, Apr 23rd)

Published April 23, 2019

A couple of years ago, we posted the diary entry “VBA and P-code“, featuring a VBA P-code disassembler developed by Dr. Bontchev. VBA source code is compiled into P-code, which is stored alongside the compressed source code in the OLE file that holds the VBA macros. Dr. Bontchev also published a PoC Word document with VBA code: […]

Read more

ISC Stormcast For Tuesday, April 23rd 2019 https://isc.sans.edu/podcastdetail.html?id=6466, (Mon, Apr 22nd)

Published April 22, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

Read more

.rar Files and ACE Exploit CVE-2018-20250, (Mon, Apr 22nd)

Published April 22, 2019

Reader Carlos submitted an email with an attached RAR file. In the past, when you received a RAR file as an attachment in an unexpected email, it usually contained a single malicious Windows executable. For the infection to occur, one would have to open the attachment and double-click the executable. Nowadays, a RAR file can also be […]
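An added example, not code from the diary: a small triage script for such an attachment that ignores the .rar extension, identifies the container by magic bytes (RAR, or an ACE archive, the format handled by the unacev2.dll affected by CVE-2018-20250), walks the ACE header chain to list the stored file names, and flags names that could escape the extraction directory. The ACE header layout follows the publicly documented format (header CRC and size, then type, flags and the type-specific fields); header CRCs are not verified, and the sample archive, including its traversal-style file name, is constructed inline rather than taken from a real attachment.

```python
"""Triage a ".rar" attachment: real RAR, or an ACE archive with
path-traversal file names (CVE-2018-20250 style)?  Added example; the
sample archive below is constructed, not a real malicious attachment."""
import re
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ACE_MAGIC = b"**ACE**"       # sits at offset 7 of the ACE main header
HEAD_TYPE_MAIN = 0
HEAD_TYPE_FILE = 1
FLAG_ADDSIZE = 0x0001        # file headers: PACK_SIZE(4) follows HEAD_FLAGS


def identify(data: bytes) -> str:
    """Classify the container by magic bytes; the extension is not trusted."""
    if data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC):
        return "rar"
    if len(data) >= 14 and data[7:14] == ACE_MAGIC:
        return "ace"
    return "unknown"


def ace_filenames(data: bytes) -> list:
    """Walk the header chain and return the stored file names.

    Each header block is HEAD_CRC(2) HEAD_SIZE(2) HEAD_TYPE(1) HEAD_FLAGS(2)
    followed by type-specific fields; HEAD_SIZE counts everything from
    HEAD_TYPE onward.  A file header's fields are PACK_SIZE(4) ORIG_SIZE(4)
    FTIME(4) ATTR(4) CRC32(4) TECH(4) RESERVED(2) FNAME_SIZE(2) FNAME, and
    PACK_SIZE bytes of packed data follow the header before the next one.
    """
    names, pos = [], 0
    while pos + 7 <= len(data):
        hsize, htype, hflags = struct.unpack_from("<HBH", data, pos + 2)
        block_end = pos + 4 + hsize
        if block_end > len(data):
            break                       # truncated header: stop, do not overread
        if htype == HEAD_TYPE_FILE:
            pack_size = struct.unpack_from("<I", data, pos + 7)[0] if hflags & FLAG_ADDSIZE else 0
            fname_size = struct.unpack_from("<H", data, pos + 33)[0]
            names.append(data[pos + 35: pos + 35 + fname_size].decode("latin-1"))
            pos = block_end + pack_size
        else:
            pos = block_end
    return names


_DRIVE_PREFIX = re.compile(r"^(?:[A-Za-z]:)+")


def path_problems(name: str) -> list:
    """Reasons a stored name could land outside the extraction directory."""
    n = name.replace("\\", "/")
    reasons = []
    if n.startswith("/"):
        reasons.append("absolute path")
    if ":" in n:
        reasons.append("drive letter inside the name")
    # Strip repeated "X:" prefixes from each component so a ".." hidden
    # behind them (the shape of the published CVE-2018-20250 names) is seen.
    parts = [_DRIVE_PREFIX.sub("", p) for p in n.split("/")]
    if ".." in parts:
        reasons.append("parent-directory traversal")
    return reasons


def triage(data: bytes) -> dict:
    kind = identify(data)
    files = [(n, path_problems(n)) for n in ace_filenames(data)] if kind == "ace" else []
    return {"kind": kind, "files": files}


def build_ace(entries) -> bytes:
    """Construct a minimal stored (uncompressed) ACE archive for testing.
    Header CRCs are left zero; the detector above never checks them."""
    def block(htype, flags, body):
        return struct.pack("<HHBH", 0, 3 + len(body), htype, flags) + body
    main = ACE_MAGIC + bytes([10, 10, 2, 0]) + b"\0" * 4 + b"\0" * 8
    out = block(HEAD_TYPE_MAIN, 0, main)
    for name, payload in entries:
        fname = name.encode("latin-1")
        body = struct.pack("<IIIII", len(payload), len(payload), 0, 0x20, 0)
        body += bytes([0, 0]) + struct.pack("<HH", 0, 0)     # TECH, RESERVED
        body += struct.pack("<H", len(fname)) + fname
        out += block(HEAD_TYPE_FILE, FLAG_ADDSIZE, body) + payload
    return out


# Constructed sample: a decoy plus a name in the style of the published
# unacev2.dll PoC, aimed at the Startup folder of the extracting user.
TRAVERSAL_NAME = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
SAMPLE_ENTRIES = [("readme.txt", b"just a decoy\n"), (TRAVERSAL_NAME, b"MZ" + b"\0" * 30)]


def sample_attachment() -> bytes:
    return build_ace(SAMPLE_ENTRIES)


if __name__ == "__main__":
    result = triage(sample_attachment())
    print("container:", result["kind"])
    for name, reasons in result["files"]:
        print(f"  {name!r}: {', '.join(reasons) or 'ok'}")
```

Running the script on the constructed sample reports the container as "ace" and flags the second entry for both a drive letter inside the name and parent-directory traversal; a genuine RAR attachment is reported as "rar" and gets no ACE header walk.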

Read more

ISC Stormcast For Monday, April 22nd 2019 https://isc.sans.edu/podcastdetail.html?id=6464, (Mon, Apr 22nd)

Published April 21, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

Read more

Analyzing UDF Files with Python, (Fri, Apr 19th)

Published April 19, 2019

Yesterday, Xavier wrote a diary entry about malicious UDF files. I wrote about the analysis of .ISO files before, and it turns out the same techniques work for UDF files too. The Python module isoparser can also parse UDF files, so we can retrieve the content and calculate the hash of the contained EXE. Didier Stevens […]

Read more

Issue #31 – Volume XXI – SANS Newsbites – April 19th, 2019

Published April 19, 2019

Reposted from SANS NewsBites. Click here to read the original posting.

Read more

ISC Stormcast For Friday, April 19th 2019 https://isc.sans.edu/podcastdetail.html?id=6462, (Fri, Apr 19th)

Published April 18, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

Read more

Malware Sample Delivered Through UDF Image, (Wed, Apr 17th)

Published April 17, 2019

I found an interesting phishing email which was delivered with a malicious attachment: a UDF image (.img). UDF stands for “Universal Disk Format” and, as Wikipedia[1] puts it, is an open vendor-neutral file system for computer data storage. It has supplanted the well-known ISO 9660 format (used for burning CDs and DVDs) that was also used in previous […]

Read more

ISC Stormcast For Thursday, April 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6460, (Thu, Apr 18th)

Published April 17, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

Read more

Issue #30 – Volume XXI – SANS Newsbites – April 16th, 2019

Published April 17, 2019

Reposted from SANS NewsBites. Click here to read the original posting.

Read more