Internet Storm Center
Date | Author | Title

EXCEL 4
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros

EXCEL
2022-07-10 | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef
2022-07-07 | Brad Duncan | Emotet infection with Cobalt Strike
2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-04-06 | Brad Duncan | Windows MetaStealer Malware
2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML
2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2022-01-05 | Xavier Mertens | Code Reuse In the Malware Landscape
2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL)
2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc
2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java
2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike
2021-02-28 | Didier Stevens | Maldocs: Protection Passwords
2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection
2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13
2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break
2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2020-12-12 | Didier Stevens | Office 95 Excel 4 Macros
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility"
2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-04-24 | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06 | Xavier Mertens | A Safe Excel Sheet Not So Safe
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use
2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2018-10-10 | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability
2018-09-28 | Xavier Mertens | More Excel DDE Code Injection
2018-05-22 | Xavier Mertens | Malware Distributed via .slk Files
2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet
2017-04-19 | Xavier Mertens | Hunting for Malicious Excel Sheets
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So...
2010-03-09 | John Bambenek | March 2010 - Microsoft Patch Tuesday Diary
2009-07-13 | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution

4
2022-12-22 | Guy Bruneau | Exchange OWASSRF Exploited for Remote Code Execution
2022-10-16 | Didier Stevens | Video: Analysis of a Malicious HTML File (QBot)
2022-10-13 | Didier Stevens | Analysis of a Malicious HTML File (QBot)
2022-09-09 | Didier Stevens | Maldoc With Decoy BASE64
2022-08-26 | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark
2022-08-22 | Xavier Mertens | 32 or 64 bits Malware?
2022-06-19 | Didier Stevens | Video: Decoding Obfuscated BASE64 Statistically
2022-06-18 | Didier Stevens | Decoding Obfuscated BASE64 Statistically
2022-03-31 | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-30 | Johannes Ullrich | Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem)
2022-03-30 | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About
2022-02-23 | Johannes Ullrich | The Rise and Fall of log4shell
2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2022-01-17 | Johannes Ullrich | Log4Shell Attacks Getting "Smarter"
2021-12-29 | Russ McRee | Log4j 2 Security Vulnerabilities Update Guide
2021-12-23 | Johannes Ullrich | log4shell and cloud provider internal meta data services (IMDS)
2021-12-23 | Johannes Ullrich | Defending Cloud IMDS Against log4shell (and more)
2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-11 | Johannes Ullrich | Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
2021-12-10 | Bojan Zdrnja | RCE in log4j, Log4Shell, or how things can get bad quickly
2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery
2021-10-16 | Guy Bruneau | Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06 | Johannes Ullrich | Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc
2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-07-16 | Xavier Mertens | Multiple BaseXX Obfuscations
2021-07-02 | Xavier Mertens | "inception.py"... Multiple Base64 Encodings
2021-06-11 | Xavier Mertens | Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning
2020-12-26 | Didier Stevens | base64dump.py Supported Encodings
2020-12-07 | Didier Stevens | Corrupt BASE64 Strings: Detection and Decoding
2020-11-21 | Guy Bruneau | VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-10-29 | Johannes Ullrich | PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-09-27 | Didier Stevens | Decoding Corrupt BASE64 Strings
2020-08-04 | Johannes Ullrich | Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query
2020-06-27 | Didier Stevens | Video: YARA's BASE64 Strings
2020-06-14 | Didier Stevens | YARA's BASE64 Strings
2020-06-08 | Didier Stevens | Translating BASE64 Obfuscated Scripts
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-05-30 | Didier Stevens | YARA v4.0.1
2020-05-19 | Rick Wanner | What is up on Port 62234?
2020-05-14 | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-10 | Didier Stevens | YARA v4.0.0: BASE64 Strings
2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2019-10-27 | Guy Bruneau | Unusual Activity with Double Base64 Encoding
2019-08-01 | Johannes Ullrich | What is Listening On Port 9527/TCP?
2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick
2019-06-03 | Didier Stevens | Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-03-30 | Didier Stevens | "404" is not Malware
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2018-08-20 | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473)
2018-07-18 | Kevin Liston | Request for Packets: Port 15454
2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet
2017-08-24 | Bojan Zdrnja | Free Bitcoins? Why not?
2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files
2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data
2017-03-19 | Xavier Mertens | Searching for Base64-encoded PE Files
2017-02-28 | Johannes Ullrich | My Catch Of 4 Months In The Amazon IP Address Space
2016-11-24 | Didier Stevens | Extracting Shellcode From JavaScript
2016-10-22 | Guy Bruneau | Request for Packets TCP 4786 - CVE-2016-6385
2016-05-16 | Rick Wanner | An oldie but a goodie - 419 Death Scam
2016-02-13 | Guy Bruneau | VMware VMSA-2015-0007.3 has been Re-released
2015-07-05 | Didier Stevens | Working with base64
2015-06-16 | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique
2015-04-15 | Johannes Ullrich | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2014-10-09 | Johannes Ullrich | CSAM: My servers started speaking IRC, and that is when I started to listen!
2014-10-06 | Johannes Ullrich | CSAM: Patch and get pw0ned (not OR).
2014-10-03 | Johannes Ullrich | CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
2014-10-02 | Johannes Ullrich | CSAM: My Storage Array SSHs Outbound!
2014-09-25 | Johannes Ullrich | Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24 | Pedro Bueno | Attention *NIX admins, time to patch!
2014-09-22 | Johannes Ullrich | Cyber Security Awareness Month: What's your favorite/most scary false positive
2014-08-17 | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-07 | Johannes Ullrich | Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-06-30 | Johannes Ullrich | Should I setup a Honeypot? [SANSFIRE]
2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-05-23 | Richard Porter | Highlights from Cisco Live 2014 - The Internet of Everything
2014-05-21 | John Bambenek | New, Unpatched IE 0 Day published at ZDI
2014-04-08 | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed
2014-03-24 | Johannes Ullrich | New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02 | Stephen Hall | Symantec goes yellow
2014-02-07 | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure
2013-12-06 | Guy Bruneau | VMware ESX 4.x Security Advisory
2013-11-14 | Johannes Ullrich | iOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html
2013-06-20 | Guy Bruneau | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
2013-05-09 | Johannes Ullrich | Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-03-25 | Johannes Ullrich | IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-22 | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-19 | Guy Bruneau | Java 7 Update 11 Still has a Flaw
2013-01-04 | Guy Bruneau | "FixIt" Patch for CVE-2012-4792 Bypassed
2012-09-21 | Guy Bruneau | IE Cumulative Updates MS12-063 - KB2744842
2012-07-18 | Rob VandenBrink | Vote NO to Weak Keys!
2012-06-25 | Guy Bruneau | Issues with Windows Update Agent
2012-04-12 | Guy Bruneau | HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-01-12 | Rob VandenBrink | PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-08-11 | Johannes Ullrich | As part of this weeks patch tuesday, microsoft also re-release MS11-043 to address stability issues.
2011-08-05 | Johannes Ullrich | Common Web Attacks. A quick 404 project update
2011-07-28 | Johannes Ullrich | Announcing: The "404 Project"
2011-07-02 | Pedro Bueno | Bootkits, they are back at full speed...
2011-06-01 | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6
2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late
2011-04-25 | Rob VandenBrink | What's Your (IP) Address Worth?
2011-04-21 | Guy Bruneau | Silverlight Update Available
2011-04-10 | Raul Siles | Recent security enhancements in web browsers (e.g. Google Chrome)
2011-03-23 | Johannes Ullrich | Firefox 4 Security Features
2011-02-23 | Manuel Humberto Santander Pelaez | Bind DOS vulnerability (CVE-2011-0414)
2011-02-01 | Johannes Ullrich | The End Of IP As We Know It
2010-11-16 | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition
2010-10-28 | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-09-17 | Robert Danford | Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-03-24 | Kyle Haugsness | Wax nostalgic - commodore64 updated to present time
2010-02-23 | Mark Hofman | What is your firewall telling you and what is TCP249?
2010-02-21 | Tony Carothers | TCP Port 12174 Request For Packets
2010-01-19 | Jim Clausing | The IE saga continues, out-of-cycle patch coming soon
2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-15 | Kevin Liston | Exploit code available for CVE-2010-0249
2010-01-04 | Bojan Zdrnja | Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-12-29 | Rick Wanner | What's up with port 12174? Possible Symantec server compromise?
2009-11-11 | Rob VandenBrink | Apple Safari 4.0.4 Released
2009-10-30 | Rob VandenBrink | New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-28 | Johannes Ullrich | Sniffing SSL: RFC 4366 and TLS Extensions
2009-10-25 | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-15 | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-09-07 | Jim Clausing | Request for packets
2009-05-27 | donald smith | WebDAV write-up
2009-03-28 | Rick Wanner | New Beta release of Nmap
2009-03-05 | Mark Hofman | What's up with port 445?
2008-06-10 | Swa Frantzen | Ransomware keybreaking
2006-10-05 | Swa Frantzen | MS06-053 revisited ?
2006-09-15 | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update
2006-08-31 | Joel Esler | MS06-040 Worm