Date Author Title
2025-06-05Xavier MertensBe Careful With Fake Zoom Client Downloads
2024-12-23Xavier MertensModiloader From Obfuscated Batch File
2024-05-27Jan KoprivaFiles with TXZ extension used as malspam attachments
2024-01-12Xavier MertensOne File, Two Payloads
2023-11-18Xavier MertensQuasar RAT Delivered Through Updated SharpLoader
2023-07-12Brad DuncanLoader activity for Formbook "QM18"
2023-06-29Brad DuncanGuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-24Guy BruneauEmail Spam with Attachment Modiloader
2023-06-17Brad DuncanFormbook from Possible ModiLoader (DBatLoader)
2023-05-30Brad DuncanMalspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2022-11-04Xavier MertensRemcos Downloader with Unicode Obfuscation
2022-11-02Brad DuncanWho put the "Dark" in DarkVNC?
2022-09-18Tom WebbPreventing ISO Malware
2022-02-11Xavier MertensCinaRAT Delivered Through HTML ID Attributes
2021-11-19Xavier MertensDownloader Disguised as Excel Add-In (XLL)
2021-11-04Brad DuncanOctober 2021 Forensic Contest: Answers and Analysis
2021-09-08Brad Duncan"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-08-11Brad DuncanTA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-05-18Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-02-24Brad DuncanMalspam pushes GuLoader for Remcos RAT
2020-10-22Jan KoprivaBazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-06-10Brad DuncanJob application-themed malspam pushes ZLoader
2020-05-24Didier StevensZloader Maldoc Analysis With xlm-deobfuscator
2020-04-08Brad DuncanGerman malspam pushes ZLoader malware
2019-12-05Jan KoprivaE-mail from Agent Tesla
2019-07-02Xavier MertensMalicious Script With Multiple Payloads
2017-02-10Brad DuncanHancitor/Pony malspam