SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, May 7th 2020

SANS ISC Handlers

Tech News, News, Technology

🗓️ 7 May 2020

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Malware Age; Fake Wallets; Favicon Hides JS; WebEx Phish @malwarebytes

Transcript

0:00.0

Hello, welcome to the Thursday, May 7, 2020 edition of the SANS Internet Storm Center's Stormcast.

0:07.7

My name is Johannes Ullrich.

0:09.3

And then I'm recording from Jacksonville, Florida.

0:14.7

Didier wrote a post today testing how unique malware typically is when it is being received or if the same exact piece of

0:23.6

malware keeps getting reused. Now in order to do this, Didier used VirusTotal and collected

0:31.1

8,000 something different samples from VirusTotal that did match Didier's YARA rules and that were uploaded to VirusTotal over

0:41.9

the last 18 months. Now, then he checked how often was this exact file uploaded, what's the

0:48.9

time difference between the first and the last time it was uploaded. And what did he find? And probably should be a huge

0:55.8

surprise here, but 95% of malware was uploaded to VirusTotal only once, meaning it was unique

1:04.2

malware submitted by only one entity. Now, he's comparing SHA hashes here. So unique means different SHA-256 hash in this

1:15.2

case. So this doesn't mean these are targeted attacks because a lot of run-of-the-mill malware

1:21.6

these days will create slightly modified versions of itself whenever it is being deployed.

1:29.3

Now, he found a couple of outliers here as well, and probably the most famous one, Invoke-Mimikatz.ps.

1:36.3

Well, that, of course, is the famous Mimikatz script that's often used by pen testers and such.

1:45.1

So no surprise that this has been uploaded the most and had the longest lifetime starting

1:51.6

in November of 2015 and going all the way till April 4th.

1:57.5

So that's probably when Didier collected his data. Lesson learned, well,

2:04.6

SHA checksums as an indicator of compromise are kind of useless in the sense that you're

2:10.5

unlikely going to find the same SHA hash in your environment that someone else reported.

2:18.3

And Google appears to continue to have a hard time keeping malicious extensions out of the Google Chrome Web Store.

2:26.2

As reported by The Register, yet another set of malicious extensions has been identified in the Google Chrome store by researchers.

2:36.0

And these extensions, again, were stealing passwords from users by claiming to be extensions

...