Hello and welcome to the Friday, February 20th, 2006 edition of the Sands Internet Stormers

Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode is

brought you by the Sands.edu graduate certificate program in incident response.

Today's diary is from one of our sands.edu graduates.

And in this diary, John Mooders is talking about Dino Wiper.

Dino Wiper was recently in the news for being found at hacking various power plants in Poland.

It's a wiper.

So what wipers usually do is they just delete data.

They're sometimes claiming to be ransomware, but their real goal is just to disrupt systems.

And John is going into detail here how to reverse analyze this particular sample and, well, what he learned from it.

So in this particular case, it actually turned out that the malware wasn't really all that

complex, even though it was attributed to a nation-state actor,

but, well, whatever works, it's not that just because the nation-state actor, that we have

some super-complex malware. In this case, it's not really obvious gated, which of course

makes analysis fairly easy. It just uses then a pseudo-random

number generator in order to create essentially noise that's being used to overwrite files.

More details you can see in John's diary and also some of the tools and the sort of other

findings that he came across as he was looking at this particular sample.

And with the next story, well, I'm including it because, well, I'm surprised that anybody would

actually even think of this, and that's using LLMs to generate passwords. Security company

Irregular looked at that and basically asked various LLMs to create

passwords that sort of matched certain requirements, like upper lowercase special characters

...