Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
INFORMATION STEALER
2022-03-23	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
INFORMATION
2022-03-23/a>	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
2020-12-29/a>	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2013-02-17/a>	Guy Bruneau	HP ArcSight Connector Appliance and Logger Vulnerabilities
2011-02-05/a>	Guy Bruneau	OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12/a>	Richard Porter	How Many Loyalty Cards do you Carry?
2010-10-22/a>	Manuel Humberto Santander Pelaez	Intypedia project
2010-07-24/a>	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-06-15/a>	Manuel Humberto Santander Pelaez	iPhone 4 Order Security Breach Exposes Private Information
2010-04-21/a>	Guy Bruneau	Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-03-27/a>	Guy Bruneau	HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2009-11-29/a>	Patrick Nolan	A Cloudy Weekend
2009-10-04/a>	Guy Bruneau	Samba Security Information Disclosure and DoS
2009-07-10/a>	Guy Bruneau	WordPress Fixes Multiple vulnerabilities
2009-03-02/a>	Swa Frantzen	Obama's leaked chopper blueprints: anything we can learn?
2008-09-11/a>	David Goldsmith	CookieMonster is coming to Pown (err, Town)
2008-04-07/a>	John Bambenek	HP USB Keys Shipped with Malware for your Proliant Server
STEALER
2025-05-06/a>	Xavier Mertens	Python InfoStealer with Embedded Phishing Webserver
2025-04-15/a>	Xavier Mertens	Online Services Again Abused to Exfiltrate Data
2025-01-29/a>	Xavier Mertens	From PowerShell to a Python Obfuscation Race!
2025-01-28/a>	Xavier Mertens	Fileless Python InfoStealer Targeting Exodus
2024-11-30/a>	Xavier Mertens	From a Regular Infostealer to its Obfuscated Version
2024-11-22/a>	Xavier Mertens	An Infostealer Searching for « BIP-0039 » Data
2024-11-07/a>	Xavier Mertens	Steam Account Checker Poisoned with Infostealer
2024-10-09/a>	Xavier Mertens	From Perfctl to InfoStealer
2024-09-18/a>	Xavier Mertens	Python Infostealer Patching Windows Exodus App
2024-08-27/a>	Xavier Mertens	Why Is Python so Popular to Infect Windows Hosts?
2024-07-26/a>	Xavier Mertens	ExelaStealer Delivered "From Russia With Love"
2024-05-31/a>	Xavier Mertens	"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-02-20/a>	Xavier Mertens	Python InfoStealer With Dynamic Sandbox Detection
2024-01-25/a>	Xavier Mertens	Facebook AdsManager Targeted by a Python Infostealer
2023-12-22/a>	Xavier Mertens	Shall We Play a Game?
2023-09-29/a>	Xavier Mertens	Are You Still Storing Passwords In Plain Text Files?
2023-05-04/a>	Xavier Mertens	Infostealer Embedded in a Word Document
2023-03-01/a>	Xavier Mertens	Python Infostealer Targeting Gamers
2022-12-18/a>	Guy Bruneau	Infostealer Malware with Double Extension
2022-08-11/a>	Xavier Mertens	InfoStealer Script Based on Curl and NSudo
2022-04-06/a>	Brad Duncan	Windows MetaStealer Malware
2022-03-23/a>	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
2022-03-09/a>	Xavier Mertens	Infostealer in a Batch File
2021-12-21/a>	Xavier Mertens	More Undetected PowerShell Dropper
2021-12-01/a>	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-07-09/a>	Brad Duncan	Hancitor tries XLL as initial malware file
2021-06-30/a>	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
2021-04-06/a>	Jan Kopriva	Malspam with Lokibot vs. Outlook and RFCs
2021-03-31/a>	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2019-11-27/a>	Brad Duncan	Finding an Agent Tesla malware sample
2019-10-09/a>	Brad Duncan	What data does Vidar malware steal from an infected host?
2019-01-24/a>	Brad Duncan	Malspam with Word docs uses macro to run Powershell script and steal system data
2017-03-08/a>	Xavier Mertens	Not All Malware Samples Are Complex

INFORMATION STEALER

INFORMATION

STEALER