.. /.Daa

Phishing
Executable
File Archiver

Contributors:

Adithya - @ravooriadithya

Description:

Direct Access Archive, or DAA, is a proprietary file format developed by PowerISO Computing for disk image files. The format supports features such as compression, password protection, and splitting into multiple volumes. These files can be used in phishing to lure users into executing malicious code embedded inside them.

OS:

Windows

Recommendation:

Common email providers do not block .daa attachments, but there is little legitimate need for them to be delivered by mail. Block these attachments at the email gateway. Also, open these file types with care, as they can carry malicious executables.
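
One way to implement the gateway check recommended above, as an added example that is not part of the original entry. It flags attachments by extension and, for renamed files, by leading bytes. The function names, the sample messages and the `DAA` + NUL signature value are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed leading bytes of a PowerISO DAA image ("DAA" followed by NUL).
DAA_MAGIC = b"DAA\x00"


def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed test message with one attachment (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def find_daa_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every MIME part that looks like a DAA image."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also reaches nested multiparts
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so "x.daa." opens as "x.daa".
        if name.lower().rstrip(". ").endswith(".daa"):
            hits.append((name, "extension"))
        elif data.startswith(DAA_MAGIC):
            # Extension was changed, but the content is still a DAA image.
            hits.append((name, "magic"))
    return hits


if __name__ == "__main__":
    image = DAA_MAGIC + b"\x00" * 28  # constructed stand-in for a DAA header
    for fname in ("invoice.daa", "invoice.pdf", "INVOICE.DAA."):
        print(fname, find_daa_attachments(build_sample(fname, image)))
```

A message with any hit can then be quarantined or have the attachment stripped, according to gateway policy.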

Resources:

https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/

File Samples:

https://www.virustotal.com/gui/file/98664feac87afbb44c37b13675a5bcd97f407009a173dea081d498ea8aedc210/details