Hello and welcome to the Thursday, March 30th, 2020,

edition of the Sansonet Storm Sturmast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

One thing we love is if you send us Malware that you have issues reverse analyzing, and we had a reader Martin send us malware that you have issues reverse analyzing and we had a reader martin sent us such a sample

earlier today and did he took a look at it and found that well it was an excel spreadsheet and it did

have malicious content but that malicious content was spread over multiple streams.

So DDA is going over how to extract the relevant streams by using the JSON output format of his

tools and then how to extract respective streams from the file.

And to accomplish that, DDA also on the fly made a quick update to one of his tools that allows you to easily save these multiple streams in just one command.

More details about all the different Python tools that DDA used from his arsenal

can be found in the diary from

Wednesday.

Well, and bad news for you if you're using the 3CX voice over IP solution, the 3CX desktop app,

which is their voice over IP phone, apparently got compromised and includes malicious code.

At this point, multiple antivirus

solutions are flagging the compromised

binary. As part of this

binary attackers will be able

to execute arbitrary commands on

systems running the affected version of the

3CX desktop app.

Both Windows and Mac versions of the application are affected.

...