Security Talk

.NET Packer, DTPacker Acts Like a Packer and Downloader with an Odd Password

Malware delivery and distribution techniques are always changing. As blue teams develop an understanding of one type of attack, the attackers shift to something different. Security researchers and security teams follow (or should follow) these methods so they can shift defensive tactics and software to meet the new challenge. This brings us to our topic for today. Researchers over at Proofpoint have identified an unusual packer called DTPacker, a .NET packer that not only obfuscates the payload it is delivering but can act as both a runtime packer (a self-executing archive) and a downloader. This is unusual all on its own, but other factors observed in this packer also make it the odd one out.

By Sean Kalinich
Jan 25
Hits: 995
  • Malware
  • packers
  • obfuscation
  • downloaders
  • attack chain

Security Talk

As Data Compromises Rise will Companies Change Practices to Meet Them?

The latest report from the ITRC (Identity Theft Resource Center) has been released, and it shows us some sadly unsurprising data. According to the report, 2021 data compromises are up 68% (1,862) compared to 2020 numbers and 23% higher than the highest year on record, 2017 (1,506). The report adds that compromise of sensitive personal data is also up but has not topped 2017 as the record year for that type of data loss. Attack trends have changed slightly, with attackers appearing to target specific data rather than just trying to dump everything. This has led to an overall reduction in the total number of actual victims, while the number of repeat victims is still very high.

By Sean Kalinich
Jan 25
Hits: 891
  • Data Breach
  • Ransomware
  • Compromise
  • identity theft
  • itrc

Security Talk

Another Day, Another Cloud Storage Campaign from the Molerats APT TA402

Dropbox, Google Docs and other cloud storage services are great tools for collaboration and for ensuring that your files are kept relatively safe. These services can also be used by attackers with the right setup and files. The APT group known as Molerats is just such a group. They have been identified in several attacks that leveraged Dropbox and Google Docs as their C2 and payload sources. In December of 2021, the ThreatLabz team at Zscaler noticed some unusual behavior that turned out to be just such an attack.

By Sean Kalinich
Jan 24
Hits: 1152
  • Security
  • Malware
  • APT
  • Dropbox
  • zscaler
  • molerats apt

Security Talk

Emotet Leveraging Excel 4.0 Macros and Unconventional IP Addressing

In a list of things that should be killed with fire, Excel 4.0 Macros are high up. However, the fact that spamming “services” like Emotet are still using Excel 4.0 Macros tells me that some are not getting the hint. According to recent research from Trend Micro, Emotet is using some very unconventional methods of obfuscating the C2 server IP addresses. The attack pattern is the same: an email with a poisoned Excel spreadsheet. This spreadsheet contains HTA with the command script, you know the drill.

By Sean Kalinich
Jan 24
Hits: 1382
  • Security
  • Malware
  • Macros
  • Spamming
  • emotet
  • trickbot
  • cobalt strike

Security Talk

Dark Souls has a Serious Remote Code Execution Bug During Online Play

Online gaming is pretty much the way game developers want to go these days. However, online modes come with risks. With Warner Bros. Games, Back 4 Blood’s online-only progression created such a massive backlash that they had to backtrack on their online push. Now we see something more serious than fan backlash: Remote Code Execution bugs in Dark Souls.

By Sean Kalinich
Jan 23
Hits: 1495
  • Security
  • Bug
  • dark souls
  • rce
  • anticheat
  • fromsoftware
  • blue sentinel


More Articles …

  1. More Than a Month After Being Hit by Ransomware Kronos is Still Down
  2. MoonBounce UEFI Malware linked to APT41 by Kaspersky Researchers
  3. Cloud vendors and the security tax
  4. Microsoft Looks to Add Enhanced Zero-Day Protection to Edge