Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Guy Bruneau

Threat Level: green

Date	Author	Title
FAKE EMAIL
2019-04-07	Guy Bruneau	Fake Office 365 Payment Information Update
FAKE
2022-03-02/a>	Johannes Ullrich	The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-01-03/a>	Xavier Mertens	McAfee Phishing Campaign with a Nice Fake Scan
2021-08-04/a>	Yee Ching Tok	Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
2020-04-18/a>	Guy Bruneau	Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-02-05/a>	Brad Duncan	Fake browser update pages are "still a thing"
2019-04-07/a>	Guy Bruneau	Fake Office 365 Payment Information Update
2019-04-02/a>	Johannes Ullrich	Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-03-21/a>	Xavier Mertens	New Wave of Extortion Emails: Central Intelligence Agency Case
2017-07-07/a>	Renato Marinho	DDoS Extortion E-mail: Yet Another Bluff?
2016-05-12/a>	Xavier Mertens	Another Day, Another Wave of Phishing Emails
2015-09-28/a>	Johannes Ullrich	"Transport of London" Malicious E-Mail
2014-02-21/a>	Johannes Ullrich	UPS Malware Spam Using Fake SPF Headers
2013-04-29/a>	Adam Swanger	Report Fake Tech Support Calls submission form reminder
2013-04-16/a>	John Bambenek	Fake Boston Marathon Scams Update
2013-01-03/a>	Manuel Humberto Santander Pelaez	New year and new CA compromised
2012-12-06/a>	Daniel Wesemann	Fake tech support calls - revisited
2012-10-03/a>	Kevin Shortt	Fake Support Calls Reported
2012-06-19/a>	Daniel Wesemann	Vulnerabilityqueerprocessbrittleness
2011-07-25/a>	Bojan Zdrnja	When the FakeAV coder(s) fail
2011-07-21/a>	Daniel Wesemann	Down the FakeAV rabbit hole
2011-05-19/a>	Daniel Wesemann	Fake AV Bingo
2011-05-04/a>	Bojan Zdrnja	More on Google image poisoning
2011-01-18/a>	Daniel Wesemann	Yet another rogue anti-virus
2010-11-11/a>	Daniel Wesemann	Fake AV scams via Skype Chat
2010-02-27/a>	Johannes Ullrich	Search Engine Poisoning: Chile Earthquake
2010-02-15/a>	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2010-02-08/a>	Adrien de Beaupre	When is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-08/a>	Rob VandenBrink	Microsoft OfficeOnline, Searching for Trust and Malware
2009-09-17/a>	Bojan Zdrnja	Why is Rogue/Fake AV so successful?
2009-09-04/a>	Adrien de Beaupre	Fake anti-virus
2009-02-06/a>	Adrien de Beaupre	Fake stimulus payments
2008-09-15/a>	donald smith	Fake antivirus 2009 and search engine results
EMAIL
2023-03-12/a>	Guy Bruneau	AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-02-18/a>	Guy Bruneau	Spear Phishing Handlers for Username/Password
2023-01-05/a>	Brad Duncan	More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-30/a>	Jan Kopriva	SPF and DMARC use on GOV domains in different ccTLDs
2022-08-13/a>	Guy Bruneau	Phishing HTML Attachment as Voicemail Audio Transcription
2022-05-07/a>	Guy Bruneau	Phishing PDF Received in my ISC Mailbox
2022-05-05/a>	Brad Duncan	Password-protected Excel spreadsheet pushes Remcos RAT
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2021-11-14/a>	Didier Stevens	External Email System FBI Compromised: Sending Out Fake Warnings
2021-10-26/a>	Yee Ching Tok	Hunting for Phishing Sites Masquerading as Outlook Web Access
2021-10-22/a>	Brad Duncan	October 2021 Contest: Forensic Challenge
2021-05-22/a>	Xavier Mertens	"Serverless" Phishing Campaign
2021-02-26/a>	Guy Bruneau	Pretending to be an Outlook Version Update
2021-02-10/a>	Brad Duncan	Phishing message to the ISC handlers email distro
2020-11-18/a>	Xavier Mertens	When Security Controls Lead to Security Issues
2020-10-22/a>	Jan Kopriva	BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-10-09/a>	Jan Kopriva	Phishing kits as far as the eye can see
2020-09-21/a>	Jan Kopriva	Slightly broken overlay phishing
2020-06-18/a>	Jan Kopriva	Broken phishing accidentally exploiting Outlook zero-day
2020-05-27/a>	Jan Kopriva	Frankenstein's phishing using Google Cloud Storage
2020-04-13/a>	Jan Kopriva	Look at the same phishing campaign 3 months apart
2020-03-22/a>	Didier Stevens	More COVID-19 Themed Malware
2020-02-10/a>	Jan Kopriva	Current PayPal phishing campaign or "give me all your personal information"
2020-02-03/a>	Jan Kopriva	Analysis of a triple-encrypted AZORult downloader
2020-01-16/a>	Jan Kopriva	Picks of 2019 malware - the large, the small and the one full of null bytes
2019-12-15/a>	Didier Stevens	VirusTotal Email Submissions
2019-12-06/a>	Jan Kopriva	Phishing with a self-contained credentials-stealing webpage
2019-12-05/a>	Jan Kopriva	E-mail from Agent Tesla
2019-12-04/a>	Jan Kopriva	Analysis of a strangely poetic malware
2019-11-26/a>	Jan Kopriva	Lessons learned from playing a willing phish
2019-10-31/a>	Jan Kopriva	EML attachments in O365 - a recipe for phishing
2019-10-30/a>	Xavier Mertens	Keep an Eye on Remote Access to Mailboxes
2019-10-17/a>	Jan Kopriva	Phishing e-mail spoofing SPF-enabled domain
2019-04-13/a>	Johannes Ullrich	Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-07/a>	Guy Bruneau	Fake Office 365 Payment Information Update
2019-03-21/a>	Xavier Mertens	New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06/a>	Xavier Mertens	Keep an Eye on Disposable Email Addresses
2019-02-19/a>	Didier Stevens	Identifying Files: Failure Happens
2019-02-11/a>	Didier Stevens	Have You Seen an Email Virus Recently?
2018-12-21/a>	Lorna Hutcheson	Phishing Attempts That Bypass 2FA
2018-08-23/a>	Xavier Mertens	Simple Phishing Through formcrafts.com
2018-08-22/a>	Deborah Hale	Email/password Frustration
2018-08-19/a>	Didier Stevens	Video: Peeking into msg files - revisited
2018-08-11/a>	Didier Stevens	Peeking into msg files - revisited
2018-07-23/a>	Didier Stevens	Analyzing MSG files
2018-07-15/a>	Didier Stevens	Extracting BTC addresses from emails
2018-06-22/a>	Lorna Hutcheson	XPS Attachment Used for Phishing
2017-11-10/a>	Bojan Zdrnja	Battling e-mail phishing
2017-10-15/a>	Didier Stevens	Peeking into .msg files
2017-08-14/a>	Didier Stevens	Sometimes it's just SPAM
2015-02-20/a>	Tom Webb	Fast analysis of a Tax Scam
2014-07-09/a>	Daniel Wesemann	Who owns your typo?
2014-01-31/a>	Chris Mohan	Attack on Yahoo mail accounts
2014-01-24/a>	Johannes Ullrich	How to send mass e-mail the right way
2014-01-08/a>	Kevin Shortt	Intercepted Email Attempts to Steal Payments
2013-10-05/a>	Richard Porter	Adobe Breach Notification, Notifications?
2013-03-29/a>	Chris Mohan	Fake Link removal requests
2013-02-25/a>	Johannes Ullrich	Mass-Customized Malware Lures: Don't trust your cat!
2012-06-15/a>	Johannes Ullrich	Authenticating E-Mail
2012-02-07/a>	Johannes Ullrich	Secure E-Mail Access
2011-05-01/a>	Deborah Hale	Another Potentially Malicious Email Making The Rounds
2011-02-21/a>	Adrien de Beaupre	Winamp forums compromised
2010-09-09/a>	Marcus Sachs	'Here You Have' Email
2010-08-29/a>	Swa Frantzen	Abandoned free email accounts
2010-05-23/a>	Manuel Humberto Santander Pelaez	e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-03-05/a>	Kyle Haugsness	False scare email proclaiming North Korea nuclear launch against Japan
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-09/a>	Rob VandenBrink	THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-04/a>	Tom Liston	Facebook phishing malware
2009-01-11/a>	Deborah Hale	The Frustration of Phishing Attacks
2008-11-30/a>	Mari Nichols	Rejected Email Issues

FAKE EMAIL

FAKE

EMAIL