ISC collects web logs which also includes User-Agents. If you are running a honeypot or a web server, it is fairly easy to quickly use some Regex to parse the logs and get a count of what is most commonly seen. This is some of the activity I have obser…
Malware Indicators (IOCS)
Malware Indicators (IOCS), Regional Security News
Quick analysis of malware created with NSIS, (Sun, May 27th)
Malware Indicators (IOCS), Regional Security News
Antivirus Evasion? Easy as 1,2,3, (Fri, May 25th)
For a while, ISC handlers have demonstrated several obfuscation techniques via our diaries. We always told you that attackers are trying to find new techniques to hide their content to not be flagged as malicious by antivirus products. Such of them are quite complex. And sometimes, we find documents that have a very low score on VT. Here is a sample that I found (SHA256: bac1a6c238c4d064f8be9835a05ad60765bcde18644c847b0c4284c404e38810). It gets a score of 6/59[1] which is not bad (from an attacker perspective). Is it a targeted attack? A new “APT†(buzzword!), not really…
Malware Indicators (IOCS), Regional Security News
ISC Stormcast For Friday, May 25th 2018 https://isc.sans.edu/podcastdetail.html?id=6013, (Fri, May 25th)
Malware Indicators (IOCS), Regional Security News
ISC Stormcast For Thursday, May 24th 2018 https://isc.sans.edu/podcastdetail.html?id=6011, (Thu, May 24th)
Malware Indicators (IOCS), Regional Security News
Track naughty and nice binaries with Google Santa, (Wed, May 23rd)
Santa is a binary white- or blacklisting daemon, being developed by the Google Macintosh Operations Team (largest contributor is Russel Hancox) for over 4 years now (not an official Google product!). Google Santa is being used by Google to protect and monitor their macOS machines internally, and has been called Santa because it keeps track of binaries that are naugthy or nice.