| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-08 | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-08-11 | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2020-10-22 | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2019-12-05 | Jan Kopriva | E-mail from Agent Tesla |
| 2019-07-02 | Xavier Mertens | Malicious Script With Multiple Payloads |
| 2017-02-10 | Brad Duncan | Hancitor/Pony malspam |
https://www.sans.edu
