Internet Storm Center
Sign In
Sign Up
SANS Network Security: Las Vegas Sept 4-9.
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
2024-05-27
Jan Kopriva
Files with TXZ extension used as malspam attachments
2024-01-03
Jan Kopriva
Interesting large and small malspam attachments from 2023
2023-06-29
Brad Duncan
GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-05-30
Brad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-04-12
Brad Duncan
Recent IcedID (Bokbot) activity
2023-01-05
Brad Duncan
More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-02
Brad Duncan
obama224 distribution Qakbot tries .vhd (virtual hard disk) images
2022-08-19
Brad Duncan
Brazil malspam pushes Astaroth (Guildma) malware
2022-07-07
Brad Duncan
Emotet infection with Cobalt Strike
2022-06-17
Brad Duncan
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-04-06
Brad Duncan
Windows MetaStealer Malware
2022-03-16
Brad Duncan
Qakbot infection with Cobalt Strike and VNC activity
2021-12-31
Jan Kopriva
Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-20
Jan Kopriva
PowerPoint attachments, Agent Tesla and code reuse in malware
2021-11-16
Brad Duncan
Emotet Returns
2021-10-22
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-08-13
Brad Duncan
Example of Danabot distributed through malspam
2021-07-26
Didier Stevens
Failed Malspam: Recovering The Password
2021-07-14
Jan Kopriva
One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-04-06
Jan Kopriva
Malspam with Lokibot vs. Outlook and RFCs
2021-02-24
Brad Duncan
Malspam pushes GuLoader for Remcos RAT
2021-02-17
Brad Duncan
Malspam pushing Trickbot gtag rob13
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2021-01-13
Brad Duncan
Hancitor activity resumes after a hoilday break
2020-12-09
Brad Duncan
Recent Qakbot (Qbot) activity
2020-10-14
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-10
Brad Duncan
Excel spreasheet macro kicks off Formbook infection
2020-06-10
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-05-13
Brad Duncan
Malspam with links to zip archives pushes Dridex malware
2020-04-08
Brad Duncan
German malspam pushes ZLoader malware
2020-04-01
Brad Duncan
Qakbot malspam sent from an infected Windows host
2020-03-25
Brad Duncan
Recent Dridex activity
2020-02-12
Brad Duncan
Malpsam pushes Ursnif through Italian language Word docs
2020-02-03
Jan Kopriva
Analysis of a triple-encrypted AZORult downloader
2020-01-22
Brad Duncan
German language malspam pushes Ursnif
2020-01-16
Jan Kopriva
Picks of 2019 malware - the large, the small and the one full of null bytes
2019-12-18
Brad Duncan
Emotet infection with spambot activity
2019-12-11
Brad Duncan
German language malspam pushes yet another wave of Trickbot
2019-12-03
Brad Duncan
Ursnif infection with Dridex
2019-11-20
Brad Duncan
Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-13
Brad Duncan
An example of malspam pushing Lokibot malware, November 2019
2019-11-06
Brad Duncan
More malspam pushing Formbook
2019-10-02
Brad Duncan
A recent example of Emotet malspam
2019-09-25
Brad Duncan
Malspam pushing Quasar RAT
2019-09-18
Brad Duncan
Emotet malspam is back
2019-06-18
Brad Duncan
Malspam with password-protected Word docs pushing Dridex
2019-03-13
Brad Duncan
Malspam pushes Emotet with Qakbot as the follow-up malware
2019-03-06
Brad Duncan
Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-02-20
Brad Duncan
More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-06
Brad Duncan
Hancitor malspam and infection traffic from Tuesday 2019-02-05
2019-01-24
Brad Duncan
Malspam with Word docs uses macro to run Powershell script and steal system data
2019-01-16
Brad Duncan
Emotet infections and follow-up malware
2019-01-10
Brad Duncan
Heartbreaking Emails: "Love You" Malspam
2018-12-18
Brad Duncan
Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-05
Brad Duncan
Campaign evolution: Hancitor changes its Word macros
2018-12-04
Brad Duncan
Malspam pushing Lokibot malware
2018-11-29
Brad Duncan
Russian language malspam pushing Shade (Troldesh) ransomware
2018-11-15
Brad Duncan
Emotet infection with IcedID banking Trojan
2018-11-14
Brad Duncan
Day in the life of a researcher: Finding a wave of Trickbot malspam
2018-10-31
Brad Duncan
More malspam using password-protected Word docs
2018-10-30
Brad Duncan
Campaign evolution: Hancitor malspam starts pushing Ursnif this week
2018-09-26
Brad Duncan
One Emotet infection leads to three follow-up malware infections
2018-08-15
Brad Duncan
More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-08-02
Brad Duncan
DHL-themed malspam reveals embedded malware in animated gif
2018-07-27
Brad Duncan
Malspam with password-protected Word docs pushes Hermes ransomware
2018-07-24
Brad Duncan
Recent Emotet activity
2017-11-30
Brad Duncan
More Malspam pushing Emotet malware
2017-10-19
Brad Duncan
HSBC-themed malspam uses ISO attachments to push Loki Bot malware
2017-10-17
Brad Duncan
Hancitor malspam uses DDE attack
2017-09-18
Xavier Mertens
Getting some intelligence from malspam
2017-09-01
Brad Duncan
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-07-26
Brad Duncan
Malspam pushing Emotet malware
2017-07-14
Brad Duncan
NemucodAES and the malspam that distributes it
2017-06-28
Brad Duncan
Catching up with Blank Slate: a malspam campaign still going strong
2017-05-24
Brad Duncan
Jaff ransomware gets a makeover
2017-04-11
Brad Duncan
Dridex malspam seen on Monday 2017-04-10
2017-02-10
Brad Duncan
Hancitor/Pony malspam
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
The Internet Storm Center is a community for everyone, so
join the conversation