Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Guy Bruneau

Threat Level: green

Date	Author	Title
MAC TIMES
2017-09-19	Jim Clausing	New tool: mac-robber.py
MAC
2022-07-26/a>	Xavier Mertens	How is Your macOS Security Posture?
2022-07-20/a>	Johannes Ullrich	Apple Patches Everything Day
2022-04-20/a>	Brad Duncan	"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31/a>	Johannes Ullrich	Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25/a>	Xavier Mertens	XLSB Files: Because Binary is Stealthier Than XML
2022-03-14/a>	Johannes Ullrich	Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10/a>	Johannes Ullrich	iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>	Johannes Ullrich	Apple Patches Everything
2022-01-22/a>	Xavier Mertens	Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28/a>	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-12-20/a>	Jan Kopriva	PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02/a>	Brad Duncan	TA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23/a>	Xavier Mertens	Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01/a>	Brad Duncan	STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06/a>	Xavier Mertens	Malicious Microsoft Word Remains A Key Infection Vector
2021-04-23/a>	Xavier Mertens	Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12/a>	Guy Bruneau	Microsoft DHCP Logs Shipped to ELK
2021-03-03/a>	Brad Duncan	Qakbot infection with Cobalt Strike
2021-02-25/a>	Daniel Wesemann	Forensicating Azure VMs
2021-02-23/a>	Jan Kopriva	Qakbot in a response to Full Disclosure post
2021-02-05/a>	Xavier Mertens	VBA Macro Trying to Alter the Application Menus
2021-02-03/a>	Brad Duncan	Excel spreadsheets push SystemBC malware
2021-02-02/a>	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26/a>	Brad Duncan	TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>	Brad Duncan	Qakbot activity resumes after holiday break
2021-01-14/a>	Bojan Zdrnja	Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13/a>	Brad Duncan	Hancitor activity resumes after a hoilday break
2020-12-22/a>	Xavier Mertens	Malware Victim Selection Through WiFi Identification
2020-12-09/a>	Brad Duncan	Recent Qakbot (Qbot) activity
2020-11-20/a>	Xavier Mertens	Malicious Python Code and LittleSnitch Detection
2020-11-09/a>	Xavier Mertens	How Attackers Brush Up Their Malicious Scripts
2020-10-26/a>	Didier Stevens	Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>	Brad Duncan	More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23/a>	Xavier Mertens	Malicious Word Document with Dynamic Content
2020-09-18/a>	Xavier Mertens	A Mix of Python & VBA in a Malicious Word Document
2020-09-10/a>	Brad Duncan	Recent Dridex activity
2020-09-09/a>	Johannes Ullrich	A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26/a>	Xavier Mertens	Malicious Excel Sheet with a NULL VT Score
2020-08-19/a>	Xavier Mertens	Example of Word Document Delivering Qakbot
2020-08-07/a>	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06/a>	Xavier Mertens	A Fork of the FTCode Powershell Ransomware
2020-08-03/a>	Xavier Mertens	Powershell Bot with Multiple C2 Protocols
2020-07-15/a>	Brad Duncan	Word docs with macros for IcedID (Bokbot)
2020-07-11/a>	Guy Bruneau	VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10/a>	Brad Duncan	Excel spreasheet macro kicks off Formbook infection
2020-07-04/a>	Russ McRee	Happy FouRth of July from the Internet Storm Center
2020-06-12/a>	Xavier Mertens	Malicious Excel Delivering Fileless Payload
2020-06-10/a>	Brad Duncan	Job application-themed malspam pushes ZLoader
2020-06-01/a>	Didier Stevens	XLMMacroDeobfuscator: An Update
2020-05-20/a>	Brad Duncan	Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05/a>	Guy Bruneau	Maldoc XLS Invoice with Excel 4 Macros
2020-03-29/a>	Didier Stevens	Obfuscated Excel 4 Macros
2020-03-18/a>	Brad Duncan	Trickbot gtag red5 distributed as a DLL file
2020-03-09/a>	Didier Stevens	Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06/a>	Xavier Mertens	A Safe Excel Sheet Not So Safe
2020-02-24/a>	Didier Stevens	Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>	Didier Stevens	Maldoc: Excel 4 Macros in OOXML Format
2020-02-21/a>	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2020-01-22/a>	Brad Duncan	German language malspam pushes Ursnif
2020-01-09/a>	Xavier Mertens	Quick Analyzis of a(nother) Maldoc
2019-12-11/a>	Brad Duncan	German language malspam pushes yet another wave of Trickbot
2019-12-04/a>	Jan Kopriva	Analysis of a strangely poetic malware
2019-10-02/a>	Brad Duncan	A recent example of Emotet malspam
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2019-09-18/a>	Brad Duncan	Emotet malspam is back
2019-07-08/a>	Didier Stevens	Machine Code? No!
2019-07-04/a>	Didier Stevens	Machine Code?
2019-06-18/a>	Brad Duncan	Malspam with password-protected Word docs pushing Dridex
2019-03-17/a>	Didier Stevens	Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>	Didier Stevens	Maldoc: Excel 4.0 Macros
2019-03-13/a>	Brad Duncan	Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24/a>	Brad Duncan	Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18/a>	Brad Duncan	Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27/a>	Xavier Mertens	More obfuscated shell scripts: Fake MacOS Flash update
2018-11-15/a>	Brad Duncan	Emotet infection with IcedID banking Trojan
2018-11-04/a>	Pasquale Stirparo	Beyond good ol' LaunchAgent - part 1
2018-10-21/a>	Pasquale Stirparo	Beyond good ol’ LaunchAgent - part 0
2018-08-24/a>	Xavier Mertens	Microsoft Publisher Files Delivering Malware
2018-06-29/a>	Remco Verhoef	Crypto community target of MacOS malware
2018-05-25/a>	Xavier Mertens	Antivirus Evasion? Easy as 1,2,3
2018-05-23/a>	Remco Verhoef	Track naughty and nice binaries with Google Santa
2018-05-01/a>	Xavier Mertens	Diving into a Simple Maldoc Generator
2017-12-19/a>	Xavier Mertens	Example of 'MouseOver' Link in a Powerpoint File
2017-12-16/a>	Xavier Mertens	Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15/a>	Xavier Mertens	If you want something done right, do it yourself!
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2017-02-26/a>	Guy Bruneau	It is Tax Season - Watch out for Suspicious Attachment
2016-09-30/a>	Xavier Mertens	Another Day, Another Malicious Behaviour
2015-02-19/a>	Daniel Wesemann	Macros? Really?!
2014-01-24/a>	Chris Mohan	Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17/a>	Adrien de Beaupre	Apple security updates Mac OS X and Safari
2013-10-22/a>	Richard Porter	Greenbone and OpenVAS Scanner
2013-10-02/a>	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10/a>	Swa Frantzen	Macs need to patch too!
2013-08-09/a>	Kevin Shortt	Copy Machines - Changing Scanned Content
2013-03-02/a>	Scott Fendley	Apple Blocks Older Insecure Versions of Flash Player
2012-07-05/a>	Adrien de Beaupre	New OS X trojan backdoor MaControl variant reported
2012-05-05/a>	Tony Carothers	Vulnerability Exploit for Snow Leopard
2012-04-12/a>	Guy Bruneau	Apple Java Updates for Mac OS X
2012-02-24/a>	Guy Bruneau	Flashback Trojan in the Wild
2012-02-04/a>	Scott Fendley	Apple Security Advisory 2012-001 v1.1
2011-08-05/a>	donald smith	New Mac Trojan: BASH/QHost.WB
2011-06-23/a>	Jim Clausing	Apple Security Updates 2011-004
2011-06-15/a>	Pedro Bueno	Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26/a>	Swa Frantzen	MacDefender ups the ante with removing the password need for installation
2011-05-06/a>	Richard Porter	Unpatched Exploit: Skype for MAC
2010-11-16/a>	Guy Bruneau	Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17/a>	Deborah Hale	Digital Copy Machines - Security Risk?
2010-06-15/a>	Manuel Humberto Santander Pelaez	Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29/a>	Adrien de Beaupre	APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05/a>	Jim Clausing	Memory Analysis - time to move beyond XP
2010-01-12/a>	Adrien de Beaupre	PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-09/a>	Guy Bruneau	Apple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24/a>	Pedro Bueno	Identifying and Removing the iWork09 Trojan
2008-07-17/a>	Mari Nichols	Firefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30/a>	Bojan Zdrnja	(Minor) evolution in Mac DNS changer malware
2008-04-02/a>	Adrien de Beaupre	When is a DMG file not a DMG file
2006-12-12/a>	Swa Frantzen	Microsoft Office 2004 - Mac OS X updated
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
TIMES
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2016-11-20/a>	Pasquale Stirparo	How many “Epoch” times? Epocalypse.py timestamp converter

MAC TIMES

MAC

TIMES