News
Malicious VBA Office Document Without Source Code, (Tue, Apr 23rd)
A couple of years ago, we posted diary entry “VBA and P-code“: we featured a VBA P-code disassembler developed by Dr. Bontchev. VBA source code is compiled into P-code, which is stored alongside the compressed source code into the ole file with VBA macros. Dr. Bontchev also published a PoC Word document with VBA code: […]
Read moreISC Stormcast For Tuesday, April 23rd 2019 https://isc.sans.edu/podcastdetail.html?id=6466, (Mon, Apr 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read more.rar Files and ACE Exploit CVE-2018-20250, (Mon, Apr 22nd)
Reader Carlos submitted an email with attached RAR file. In the past, when you received a RAR file as attachment in an unexpected email, it often contained a single malicious Windows executable. For the infection to occur, one would have to open the attachment and double-click the executable. Nowadays, a RAR file can also be […]
Read moreISC Stormcast For Monday, April 22nd 2019 https://isc.sans.edu/podcastdetail.html?id=6464, (Mon, Apr 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreAnalyzing UDF Files with Python, (Fri, Apr 19th)
Yesterday, Xavier wrote a diary entry about malicious UDF files. I wrote about the analysis of .ISO files before, and it turns out the same techniques work for UDF files too. Python module isoparser can also parse UDF files: We can retrieve the content: And calculate the hash of the contained EXE: Didier Stevens […]
Read moreIssue #31 – Volume XXI – SANS Newsbites – April 19th, 2019
Reposted from SANS NewsBites. Click here to read the original posting.
Read moreISC Stormcast For Friday, April 19th 2019 https://isc.sans.edu/podcastdetail.html?id=6462, (Fri, Apr 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreMalware Sample Delivered Through UDF Image, (Wed, Apr 17th)
I found an interesting phishing email which was delivered with a malicious attachment: an UDF image (.img). UDF means “Universal Disk Format” and, as said by Wikipedia[1], is an open vendor-neutral file system for computer data storage. It has supplented the well-known ISO 9660 format (used for burning CD & DVD) that was also used in previous […]
Read moreISC Stormcast For Thursday, April 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6460, (Thu, Apr 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreIssue #30 – Volume XXI – SANS Newsbites – April 16th, 2019
Reposted from SANS NewsBites. Click here to read the original posting.
Read more
