Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
FICKER STEALER
2021-07-09	Brad Duncan	Hancitor tries XLL as initial malware file
2021-06-30	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
FICKER
2021-07-09/a>	Brad Duncan	Hancitor tries XLL as initial malware file
2021-06-30/a>	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
2010-11-17/a>	Guy Bruneau	Conficker B++ Activated on Nov 15
2009-09-26/a>	Kyle Haugsness	Conficker detection hints
2009-09-25/a>	Deborah Hale	Conficker Continues to Impact Networks
2009-09-23/a>	Marcus Sachs	Addendum to SRI's Conficker C Analysis Published
2009-04-16/a>	Adrien de Beaupre	Some conficker lessons learned
2009-04-09/a>	Johannes Ullrich	Conficker update with payload
2009-04-09/a>	Jim Clausing	Conficker Working Group site down
2009-04-05/a>	Marcus Sachs	Open Source Conficker-C Scanner/Detector Released
2009-04-02/a>	Handlers	A view from the CWG Trenches
2009-03-30/a>	Daniel Wesemann	Locate Conficker infected hosts with a network scan!
2009-03-29/a>	Chris Carboni	April 1st - What Will Really Happen?
2009-02-13/a>	Andre Ludwig	Third party information on conficker
2009-02-10/a>	Bojan Zdrnja	More tricks from Conficker and VM detection
2009-02-09/a>	Bojan Zdrnja	Some tricks from Conficker's bag
2009-01-16/a>	G. N. White	Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15/a>	Bojan Zdrnja	Conficker's autorun and social engineering
2009-01-12/a>	William Salusky	Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
STEALER
2023-09-29/a>	Xavier Mertens	Are You Still Storing Passwords In Plain Text Files?
2023-05-04/a>	Xavier Mertens	Infostealer Embedded in a Word Document
2023-03-01/a>	Xavier Mertens	Python Infostealer Targeting Gamers
2022-12-18/a>	Guy Bruneau	Infostealer Malware with Double Extension
2022-08-11/a>	Xavier Mertens	InfoStealer Script Based on Curl and NSudo
2022-04-06/a>	Brad Duncan	Windows MetaStealer Malware
2022-03-23/a>	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
2022-03-09/a>	Xavier Mertens	Infostealer in a Batch File
2021-12-21/a>	Xavier Mertens	More Undetected PowerShell Dropper
2021-12-01/a>	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-07-09/a>	Brad Duncan	Hancitor tries XLL as initial malware file
2021-06-30/a>	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
2021-04-06/a>	Jan Kopriva	Malspam with Lokibot vs. Outlook and RFCs
2021-03-31/a>	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2019-11-27/a>	Brad Duncan	Finding an Agent Tesla malware sample
2019-10-09/a>	Brad Duncan	What data does Vidar malware steal from an infected host?
2019-01-24/a>	Brad Duncan	Malspam with Word docs uses macro to run Powershell script and steal system data
2017-03-08/a>	Xavier Mertens	Not All Malware Samples Are Complex

FICKER STEALER

FICKER

STEALER