Internet Storm Center
Date
Author
Title
MAC TIMES
2017-09-19
Jim Clausing
New tool: mac-robber.py
MAC
2022-07-26
Xavier Mertens
How is Your macOS Security Posture?
2022-07-20
Johannes Ullrich
Apple Patches Everything Day
2022-04-20
Brad Duncan
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31
Johannes Ullrich
Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25
Xavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
2022-03-14
Johannes Ullrich
Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10
Johannes Ullrich
iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27
Johannes Ullrich
Apple Patches Everything
2022-01-22
Xavier Mertens
Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-20
Jan Kopriva
PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23
Xavier Mertens
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01
Brad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06
Xavier Mertens
Malicious Microsoft Word Remains A Key Infection Vector
2021-04-23
Xavier Mertens
Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12
Guy Bruneau
Microsoft DHCP Logs Shipped to ELK
2021-03-03
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-25
Daniel Wesemann
Forensicating Azure VMs
2021-02-23
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-02-05
Xavier Mertens
VBA Macro Trying to Alter the Application Menus
2021-02-03
Brad Duncan
Excel spreadsheets push SystemBC malware
2021-02-02
Xavier Mertens
New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2021-01-14
Bojan Zdrnja
Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13
Brad Duncan
Hancitor activity resumes after a hoilday break
2020-12-22
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-09
Brad Duncan
Recent Qakbot (Qbot) activity
2020-11-20
Xavier Mertens
Malicious Python Code and LittleSnitch Detection
2020-11-09
Xavier Mertens
How Attackers Brush Up Their Malicious Scripts
2020-10-26
Didier Stevens
Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23
Xavier Mertens
Malicious Word Document with Dynamic Content
2020-09-18
Xavier Mertens
A Mix of Python & VBA in a Malicious Word Document
2020-09-10
Brad Duncan
Recent Dridex activity
2020-09-09
Johannes Ullrich
A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26
Xavier Mertens
Malicious Excel Sheet with a NULL VT Score
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-07
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06
Xavier Mertens
A Fork of the FTCode Powershell Ransomware
2020-08-03
Xavier Mertens
Powershell Bot with Multiple C2 Protocols
2020-07-15
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-11
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10
Brad Duncan
Excel spreasheet macro kicks off Formbook infection
2020-07-04
Russ McRee
Happy FouRth of July from the Internet Storm Center
2020-06-12
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-06-10
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-06-01
Didier Stevens
XLMMacroDeobfuscator: An Update
2020-05-20
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05
Guy Bruneau
Maldoc XLS Invoice with Excel 4 Macros
2020-03-29
Didier Stevens
Obfuscated Excel 4 Macros
2020-03-18
Brad Duncan
Trickbot gtag red5 distributed as a DLL file
2020-03-09
Didier Stevens
Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06
Xavier Mertens
A Safe Excel Sheet Not So Safe
2020-02-24
Didier Stevens
Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23
Didier Stevens
Maldoc: Excel 4 Macros in OOXML Format
2020-02-21
Xavier Mertens
Quick Analysis of an Encrypted Compound Document Format
2020-01-22
Brad Duncan
German language malspam pushes Ursnif
2020-01-09
Xavier Mertens
Quick Analyzis of a(nother) Maldoc
2019-12-11
Brad Duncan
German language malspam pushes yet another wave of Trickbot
2019-12-04
Jan Kopriva
Analysis of a strangely poetic malware
2019-10-02
Brad Duncan
A recent example of Emotet malspam
2019-09-26
Rob VandenBrink
Mining MAC Address and OUI Information
2019-09-18
Brad Duncan
Emotet malspam is back
2019-07-08
Didier Stevens
Machine Code? No!
2019-07-04
Didier Stevens
Machine Code?
2019-06-18
Brad Duncan
Malspam with password-protected Word docs pushing Dridex
2019-03-17
Didier Stevens
Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16
Didier Stevens
Maldoc: Excel 4.0 Macros
2019-03-13
Brad Duncan
Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24
Brad Duncan
Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18
Brad Duncan
Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-15
Brad Duncan
Emotet infection with IcedID banking Trojan
2018-11-04
Pasquale Stirparo
Beyond good ol' LaunchAgent - part 1
2018-10-21
Pasquale Stirparo
Beyond good ol’ LaunchAgent - part 0
2018-08-24
Xavier Mertens
Microsoft Publisher Files Delivering Malware
2018-06-29
Remco Verhoef
Crypto community target of MacOS malware
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-23
Remco Verhoef
Track naughty and nice binaries with Google Santa
2018-05-01
Xavier Mertens
Diving into a Simple Maldoc Generator
2017-12-19
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-16
Xavier Mertens
Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15
Xavier Mertens
If you want something done right, do it yourself!
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-02-26
Guy Bruneau
It is Tax Season - Watch out for Suspicious Attachment
2016-09-30
Xavier Mertens
Another Day, Another Malicious Behaviour
2015-02-19
Daniel Wesemann
Macros? Really?!
2014-01-24
Chris Mohan
Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17
Adrien de Beaupre
Apple security updates Mac OS X and Safari
2013-10-22
Richard Porter
Greenbone and OpenVAS Scanner
2013-10-02
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10
Swa Frantzen
Macs need to patch too!
2013-08-09
Kevin Shortt
Copy Machines - Changing Scanned Content
2013-03-02
Scott Fendley
Apple Blocks Older Insecure Versions of Flash Player
2012-07-05
Adrien de Beaupre
New OS X trojan backdoor MaControl variant reported
2012-05-05
Tony Carothers
Vulnerability Exploit for Snow Leopard
2012-04-12
Guy Bruneau
Apple Java Updates for Mac OS X
2012-02-24
Guy Bruneau
Flashback Trojan in the Wild
2012-02-04
Scott Fendley
Apple Security Advisory 2012-001 v1.1
2011-08-05
donald smith
New Mac Trojan: BASH/QHost.WB
2011-06-23
Jim Clausing
Apple Security Updates 2011-004
2011-06-15
Pedro Bueno
Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26
Swa Frantzen
MacDefender ups the ante with removing the password need for installation
2011-05-06
Richard Porter
Unpatched Exploit: Skype for MAC
2010-11-16
Guy Bruneau
Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17
Deborah Hale
Digital Copy Machines - Security Risk?
2010-06-15
Manuel Humberto Santander Pelaez
Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29
Adrien de Beaupre
APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05
Jim Clausing
Memory Analysis - time to move beyond XP
2010-01-12
Adrien de Beaupre
PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07
Rob VandenBrink
Layer 2 Network Protections – reloaded!
2009-11-09
Guy Bruneau
Apple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24
Pedro Bueno
Identifying and Removing the iWork09 Trojan
2008-07-17
Mari Nichols
Firefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30
Bojan Zdrnja
(Minor) evolution in Mac DNS changer malware
2008-04-02
Adrien de Beaupre
When is a DMG file not a DMG file
2006-12-12
Swa Frantzen
Microsoft Office 2004 - Mac OS X updated
2006-11-29
Toby Kohlenberg
New Vulnerability Announcement and patches from Apple
TIMES
2017-09-19
Jim Clausing
New tool: mac-robber.py
2016-11-20
Pasquale Stirparo
How many “Epoch” times? Epocalypse.py timestamp converter