Hello and welcome to the Monday, February 6, 2020, 23 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

Analyzing large numbers of mal-resample is always a challenge and of course scripting here is the tool that

you're typically using in order to distinguish just the run of the middle kind of boring malware

from the interesting one that may deserve more attention and that's the kind of triage that

assembly line is kind of good for.

Guy wrote up the tool.

The tool itself was created by the Cyber Center Canada and well it's Docker container

essentially it's deployed in Docker that will allow you to upload malware to the assembly line system

and then essentially trigger various analysis tools. Some of them commercial, some of them

open source, and all of them are then summarized in a report. Now you can also make some of these decisions

kind of depend on what a particular tool finds

or what kind of malware you have.

Like I said, it sounds like a pretty interesting system

to sort of do your initial triage in particular,

since this looks like it's much more easy to maintain

than some of the alternatives.

And Brian Grebs posted on Mastodon about an advisory published by Fortra.

Fortra is the maker of Go Anywhere MFT. MFT stands for managed

file transfer, a solution that companies use for sort of internal controlled file transfer.

The problem here is remote code execution vulnerability and the advisory that the Fortra published hasn't really been

accessible publicly. You have to log into the customer portal. Now Brian Grabs posted a part of

...