meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, May 30th, 2023

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 30 May 2023

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Word in PPT; DocuSign Malspam; Archiver in Browser; Casandra and MXsecurity Vulnerabilities

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Tuesday, May 30th, 2020, 3 edition of the Sandsenet Storm Center's Stormcast.

0:08.8

My name is Johannes Ulrich.

0:10.5

And today I'm recording from Jacksonville, Florida.

0:14.5

Well, you got a couple of interesting diaries to talk about after the long weekend.

0:19.9

First of all, Diddy wrote up how to deal with Word

0:25.3

documents embedded in a PowerPoint document. These kind of nested office documents are kind of common

0:33.4

when it comes to malware because it is one nice way to evade some detection rules. When

0:41.2

DDE for example, looked at it first with Olli Dump, it just shows up as a compressed attachment

0:49.2

and then of course after it's being extracted, D he was able to identify and further analyze a divert document.

0:57.7

After all, office documents are compressed.

1:01.0

They're usually zip directory structures, and, well, once you have the actual file, it's then not too hard to figure out what's inside that zip file.

1:11.3

And Brad published another one of his neat Malware analysis write-ups.

1:15.3

This is a sample that Brad collected on the 25th, so last Thursday, pretty current sample.

1:23.8

Usually when Brad writes about these samples, he sort of attributes them to a particular malware campaign.

1:30.3

The interesting thing here is that it actually doesn't fit in these sort of any well-known campaign patterns, even though it uses a fairly classic trick. It arrives as a docusign email. That email then includes an HTML attachment

1:47.0

that will drop a zip file that then tricks the user and actually opening the zip file and

1:53.0

executing JavaScript. DocuSign has been such a common theme in these scams that I think it was a week or two ago. I received a legitimate

2:03.6

docu-sign message and first deleted it as yet another mal-spam before the party that sent me

2:12.2

the email actually reached out to check why I hadn't responded yet.

2:22.3

Now, other than that, this particular sample isn't really all that special.

2:27.6

It uses scheduled tasks in order to then download additional stages. For the full walkthrough, take a look at what Brad has written up, and as always, his diaries are great because it allows you to

2:36.9

sort of follow along with all the P-caps and the samples that Brad publishes so you can basically

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.