Internet Storm Center
Sign In
Sign Up
Watch ISC TV. Great for NOCs, SOCs and Living Rooms:
https://isctv.sans.edu
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
2023-06-22
Brad Duncan
Qakbot (Qbot) activity, obama271 distribution tag
2023-02-28
Brad Duncan
BB17 distribution Qakbot (Qbot) activity
2023-02-24
Brad Duncan
URL files and WebDAV used for IcedID (Bokbot) infection
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-08-24
Brad Duncan
Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-07-07
Brad Duncan
Emotet infection with Cobalt Strike
2022-04-06
Brad Duncan
Windows MetaStealer Malware
2022-01-21
Xavier Mertens
Obscure Wininet.dll Feature?
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-02
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-19
Xavier Mertens
Downloader Disguised as Excel Add-In (XLL)
2021-11-16
Brad Duncan
Emotet Returns
2021-10-21
Brad Duncan
"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-08
Brad Duncan
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-18
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-03
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-17
Brad Duncan
Malspam pushing Trickbot gtag rob13
2021-02-11
Jan Kopriva
Agent Tesla hidden in a historical anti-malware tool
2021-01-26
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2020-09-10
Brad Duncan
Recent Dridex activity
2020-08-28
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-06-10
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-05-13
Brad Duncan
Malspam with links to zip archives pushes Dridex malware
2020-04-08
Brad Duncan
German malspam pushes ZLoader malware
2020-03-25
Brad Duncan
Recent Dridex activity
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-08-21
Xavier Mertens
Malicious DLL Loaded Through AutoIT
2016-06-03
Tom Liston
MySQL is YourSQL
2015-09-29
Pedro Bueno
Tricks for DLL analysis
2013-11-09
Guy Bruneau
IE Zero-Day Vulnerability Exploiting msvcrt.dll
2010-12-01
Deborah Hale
McAfee Security Bulletin Released
2010-08-23
Bojan Zdrnja
DLL hijacking vulnerabilities
2010-08-05
Manuel Humberto Santander Pelaez
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2006-09-19
Swa Frantzen
Yet another MSIE 0-day: VML
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others
