Hello, welcome to the Thursday, February 10th, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Looking for some new PCAPs for Family Pack at Night.

Well, Brad got something interesting for you, and that's an emot head infection

that leads then to an install of Cobalt Strike. Brad attributes this infection to the Epoch 5

bot, and it was kind of interesting is that after the initial infection, it took about five

hours before Cobalt strike traffic

started to show up. So initially, you just have the standard spam bot traffic as typical

for Emothead and such. It uses a number of different email ports like 587 and 465 in order to spread the malware.

And then later there is some Emothead command control traffic on Port 8080 as well as HTTP.

So 443 before the actual Cobalt strike traffic starts, which in this case uses the domain Foxoff Valley.com.

All the P-Caps can be downloaded from Pratt's site and more indicators of compromise you can find

in Pratt's diary.

And of course, Patch Tuesday wasn't just about Microsoft, but we had a couple other companies

release updates, for example, as usual, Adobe.

Adobe released updates for Premier Rush Illustrator, Photoshop, After Effects, and Creative Cloud

Desktop.

Illustrator has the most vulnerabilities being addressed here with

13, some of them having a CVSS score of 7.8, allowing for arbitrary code execution. Photoshop,

after effects, and Creative Cloud desktop only have one vulnerability each, but it is also an

arbitrary code execution vulnerability, where Photoshop and After Effects, they assign it a CVSS score

...