Malware
SANS ISC Diary - A blast from the past - XXEncoded VB6.0 Trojan
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a campaign in which the malicious actors decided to go really “old school” when it comes to the file formats they would use.

Overview of free online malware analysis sandboxes
· ☕ 2 min read
This page contains a (hopefully up-to-date) list of useful online malware sandboxes and analytical platforms. The list is (and is meant to be) non-exhaustive, but if you know of any sandbox which is not mentioned but offers interesting features, feel free to let me know about it. If you’d like to use the table in a presentation or share it on some other site, there is a PNG version below to make it easier.

Overview of free online malware analysis sandboxes – 2020 edition
· ☕ 2 min read
Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code; however, sometimes we need to dig a bit deeper than just getting a 'detection score' for a potentially dangerous file...

SANS ISC Diary - Analysis of a triple-encrypted AZORult downloader
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at the analysis of an interesting malicious document which turned out to be an AZORult downloader. What made it stand out - among its other aspects - were 3 layers of home-grown encryption...

SANS ISC Diary - E-mail from Agent Tesla
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a multi-stage downloader for Agent Tesla.