HackDig : Dig high-quality web security articles for hackers

[SANS ISC] Complex Obfuscation VS Simple Trick

2020-01-23 08:20

I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick”:

Today, I would like to compare two techniques applied to malicious code in an attempt to bypass AV detection. The Emotet malware family needs no introduction: it has been very active for years, and new waves of attacks are constantly launched using different infection techniques. Yesterday, an interesting sample was spotted at a customer. That customer's security perimeter is quite strong, with multiple lines of defense based on different technologies and vendors, yet this sample passed all the controls! A malicious document was delivered via a well-crafted email. The document (SHA256: ff48cb9b2f5c3ecab0d0dd5e14cee7e3aa5fc06d62797c8e79aa056b28c6f894) has a low VirusTotal score of 18/61 and is not detected by some major AV players… [Read more]

[The post “[SANS ISC] Complex Obfuscation VS Simple Trick” was first published on /dev/random]


Source: blog.rootshell.be/2020/01/23/sans-isc-complex-obfuscation-vs-simple-trick/
