Internet Storm Center
Sign In
Sign Up
Watch ISC TV. Great for NOCs, SOCs and Living Rooms:
https://isctv.sans.edu
Handler on Duty:
Johannes Ullrich
Threat Level:
green
Date
Author
Title
2022-06-30
Brad Duncan
Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-09
Brad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-04-20
Brad Duncan
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-25
Xavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
2022-03-16
Brad Duncan
Qakbot infection with Cobalt Strike and VNC activity
2021-11-04
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-09-23
Xavier Mertens
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-06-30
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-03-03
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-23
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-01-26
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2020-12-09
Brad Duncan
Recent Qakbot (Qbot) activity
2020-11-03
Brad Duncan
Emotet -> Qakbot -> more Emotet
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-04-01
Brad Duncan
Qakbot malspam sent from an infected Windows host
2019-03-13
Brad Duncan
Malspam pushes Emotet with Qakbot as the follow-up malware
Homepage
Diaries
Podcasts
Jobs
Data
HTTP Header Activity
TCP/UDP Port Activity
Port Trends
Presentations & Papers
SSH/Telnet Scanning Activity
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Weblogs
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Fightback
Forums
Auditing
Diary Discussions
Forensics
General Discussions
Industry News
Network Security
Penetration Testing
Software Security
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Follow updates by subscribing to the handler's
diary RSS feed
