INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Python InfoStealer With Dynamic Sandbox Detection
Published: 2024-02-20
Last Updated: 2024-02-20 07:07:02 UTC
by Xavier Mertens (Version: 1)
Infostealers written in Python are not new. They also onboard a lot of sandbox detection mechanisms to prevent being executed (and probably detected) by automatic analysis. Last week, I found one that uses the same approach but in a different way. Usually, the scripts have a list of "bad stuff" to check like MAC addresses, usernames, processes, etc. These are common ways to detect simple sandboxes that are not well-hardened. This time, the "IOD" (Indicators Of Detection) list is stored online on a Pastebin-like site, allowing the indicators to be updated for all scripts already deployed. It's also a way to disclose less interesting information in the script.
Read the full entry:
https://isc.sans.edu/diary/Python+InfoStealer+With+Dynamic+Sandbox+Detection/30668/
Phishing pages hosted on archive.org
Published: 2024-02-21
Last Updated: 2024-02-21 07:27:43 UTC
by Jan Kopriva (Version: 1)
The Internet Archive is a well-known and much-admired institution, devoted to creating a “digital library of Internet sites and other cultural artifacts in digital form”. On its “WayBackMachine” website, which is hosted on https://archive.org/, one can view archived historical web pages from as far back as 1996. The Internet Archive basically functions as a memory for the web, and currently holds over 800 billion web pages as well as millions of books, audio and video recordings and other content… Unfortunately, since it allows for uploading of files by users, it is also used by threat actors to host malicious content from time to time.
Read the full entry:
https://isc.sans.edu/diary/Phishing+pages+hosted+on+archiveorg/30676/