SANS ISC

[SANS ISC] Microsoft Publisher Files Delivering Malware

I published the following diary on isc.sans.org: “Microsoft Publisher Files Delivering Malware“: Attackers are always searching for new ways to deliver malicious content to their victims. A few days ago, Microsoft Publisher malicious files were spotted by security researchers[1]. Publisher is a low-level desktop publishing application offered by Microsoft in

SANS ISC

[SANS ISC] Malicious DLL Loaded Through AutoIT

I published the following diary on isc.sans.org: “Malicious DLL Loaded Through AutoIT“: Here is an interesting sample that I found while hunting. It started with the following URL: hxxp://200[.]98[.]170[.]29/uiferuisdfj/W5UsPk.php?Q8T3=OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5 The value of the parameter (‘OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5’) is used as the key to decode the first stage. If you don’t specify it,

SANS ISC

[SANS ISC] Windows Batch File Deobfuscation

I published the following diary on isc.sans.org: “Windows Batch File Deobfuscation“: Last Thursday, Brad published a diary about a new ongoing campaign delivering the Emotet malware. I found another sample that looked the same. My sample was called ‘Order-42167322776.doc’ (SHA256:4d600ae3bbdc846727c2922485f9f7ec548a3dd031fc206dbb49bd91536a56e3 and looked the same as the one analyzed Brad. The

1 20 21 22 23 24 36