SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, January 8th 2019

SANS ISC Handlers

Tech News, News


🗓️ 8 January 2019

⏱️ 7 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Encrypted Word Doc; iOS Apps and Malware C&C; NCSC Offers Help; Page Cache Side Channel

Transcript


0:00.0

Hello, welcome to the Tuesday, January 8th, 2019 edition of the SANS Internet Storm Center's

0:06.8

Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:14.0

The matter of the day analyzed by Didier today is an encrypted Microsoft Office document. So if you have seen quite a few of them

0:23.6

in the past, now Didier put together a little brute force tool for these type of documents

0:30.6

in case you do not have the password. The password is usually listed in the body of the email, but if you just have the attachment,

0:39.2

you no longer have the body, then it can be useful to brute force the password.

0:43.6

And since these passwords are usually rather simple, like short numbers and the like, it

0:49.8

shouldn't be too hard to do this.

0:52.6

In this particular case, it was just one, two, three, four.

0:56.4

And as usual, the malware actually turned out to be a downloader that was then used to retrieve

1:02.8

additional malware from a web server. One interesting sort of little thing here is the URL was

1:09.1

just an IP address. One way how you can

1:11.7

actually spot a lot of these suspicious downloads is if you are looking for host headers

1:17.7

that are IP addresses instead of a host name that's somewhat unusual and sometimes

1:24.9

used by malware like in this case.

1:36.3

And we got a blog post from Wandera about how to spot malicious applications, and they focused here on iOS, so malicious applications in Apple's App Store.

1:53.2

They used this somewhat to illustrate their checklist they sort of have that gives you clues as to what application may be malicious.

2:03.4

One interesting thing they ran into is a few applications that actually connected with a command control server that's commonly associated with the Golduck malware. Now, Apple doesn't allow any additional code to be loaded this way,

2:09.8

but all it takes is a vulnerability that would make that possible. Right now it appears that

2:16.5

this command control server is mostly gathering information

2:20.1

from the device like IP address and a couple of other items that are accessible to the software,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
