
SANS ISC: Diaries by Keyword

Date | Author | Title

WORD DOC

2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif

WORD

2020-07-26 | Didier Stevens | Cracking Maldoc VBA Project Passwords
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-07-13 | Didier Stevens | VBA Project Passwords
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot
2019-11-01 | Didier Stevens | Tip: Password Managers and 2FA
2019-10-02 | Brad Duncan | A recent example of Emotet malspam
2019-09-18 | Brad Duncan | Emotet malspam is back
2019-07-18 | Xavier Mertens | Malicious PHP Script Back on Stage?
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan
2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux
2018-08-22 | Deborah Hale | Email/password Frustration
2018-07-12 | Johannes Ullrich | New Extortion Tricks: Now Including Your Password!
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites
2018-01-09 | Jim Clausing | Are you watching for brute force attacks on IPv6?
2017-11-28 | Xavier Mertens | Apple High Sierra Uses a Passwordless Root Account
2017-11-07 | Xavier Mertens | Interesting VBA Dropper
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link
2017-05-17 | Richard Porter | Wait What? We don't have to change passwords every 90 days?
2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications
2017-04-26 | Johannes Ullrich | If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News
2017-04-10 | Didier Stevens | Password History: Insights Shared by a Reader
2017-02-07 | Johannes Ullrich | My Password is [taco] Using Emojis for Stronger Passwords
2017-02-04 | Xavier Mertens | Detecting Undisclosed Vulnerabilities with Security Tools & Features
2016-12-07 | Xavier Mertens | The Passwords You Should Never Use
2016-09-15 | Xavier Mertens | In Need of a OTP Manager Soon?
2016-07-21 | Didier Stevens | Practice ntds.dit File
2016-06-20 | Xavier Mertens | Using Your Password Manager to Monitor Data Leaks
2015-12-06 | Mark Hofman | Malware SPAM a new run has started.
2015-06-26 | Daniel Wesemann | Cisco default credentials - again!
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File
2015-03-13 | Guy Bruneau | Blind SQL Injection against WordPress SEO by Yoast
2015-02-20 | Tom Webb | Fast analysis of a Tax Scam
2014-11-20 | Johannes Ullrich | Critical WordPress XSS Update
2014-09-19 | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22 | Richard Porter | OCLHashCat 1.30 Released
2014-08-06 | Johannes Ullrich | All Passwords have been lost: What's next?
2014-07-22 | Daniel Wesemann | WordPress brute force attack via wp.getUsersBlogs
2014-06-19 | Tony Carothers | WordPress and Security
2014-05-22 | Rob VandenBrink | Another Site Breached - Time to Change your Passwords! (If you can that is)
2014-03-14 | Richard Porter | Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-12 | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks
2013-11-22 | Rick Wanner | Tales of Password Reuse
2013-07-21 | Guy Bruneau | Ubuntu Forums Security Breach
2013-06-11 | Swa Frantzen | Store passwords the right way in your application
2013-05-14 | Jim Clausing | So what passwords are those ssh scanners trying?
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18 | Russ McRee | Interesting reads for Friday 18 JAN 2013
2013-01-04 | Daniel Wesemann | Blue for Reset?
2012-11-15 | Jim Clausing | Another month another password disclosure breach
2012-07-16 | Jim Clausing | An analysis of the Yahoo! passwords
2012-06-06 | Jim Clausing | Potential leak of 6.5+ million LinkedIn password hashes
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-04-21 | Guy Bruneau | WordPress Release Security Update
2012-01-05 | Russ McRee | WordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2012-01-03 | Rick Wanner | Analysis of the Stratfor Password List
2011-10-10 | Tom Liston | What's In A Name?
2011-08-10 | Johannes Ullrich | Theoretical and Practical Password Entropy
2011-06-30 | Guy Bruneau | WordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/
2011-06-28 | Johannes Ullrich | Hashing Passwords
2011-06-22 | Guy Bruneau | WordPress Forces Password Reset
2011-05-30 | Johannes Ullrich | Allied Telesis Passwords Leaked
2011-04-18 | John Bambenek | Wordpress.com Security Breach
2011-02-08 | Mark Hofman | WordPress 3.0.5 (and 3.1 RC4) are out
2010-12-30 | Johannes Ullrich | Critcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/
2010-12-28 | John Bambenek | Mozilla Notifies of Relatively Minor Security Breach
2010-12-15 | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13 | Deborah Hale | Gawker Media Breach of Security
2010-12-02 | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released
2010-11-26 | Mark Hofman | Using password cracking as metric/indicator for the organisation's security posture
2010-08-27 | Mark Hofman | FTP Brute Password guessing attacks
2010-05-19 | Kyle Haugsness | Wordpress blog attacks... again
2010-05-10 | Toby Kohlenberg | Another round of WordPress Attacks
2010-03-30 | Pedro Bueno | Sharing the Tools
2010-02-25 | Chris Carboni | Pass The Hash
2010-02-05 | Jim Clausing | WordPress iframe injection?
2010-02-02 | Johannes Ullrich | Twitter Mass Password Reset due to Phishing
2009-12-04 | Daniel Wesemann | The economics of security advice (MSFT research paper)
2009-11-30 | Bojan Zdrnja | Distributed Wordpress admin account cracking
2009-11-02 | Daniel Wesemann | Password rules: Change them every 25 years
2009-10-23 | Johannes Ullrich | Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2009-10-21 | Pedro Bueno | WordPress Hardening
2009-08-11 | Swa Frantzen | Wordpress unauthenticated administrator password reset
2008-11-11 | Swa Frantzen | Phishing for Google adwords
2008-09-22 | Jim Clausing | Lessons learned from the Palin (and other) account hijacks
2008-09-09 | Swa Frantzen | wordpress upgrade
2008-07-17 | Mari Nichols | Adobe Reader 9 Released
2008-07-09 | Johannes Ullrich | Unpatched Word Vulnerability
2008-04-23 | Mari Nichols | What's New, Old and Morphing?

DOC

2020-08-02 | Didier Stevens | Small Challenge: A Simple Word Maldoc
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-30 | Xavier Mertens | Collecting IOCs from IMAP Folder
2020-04-26 | Didier Stevens | Video: Malformed .docm File
2020-04-18 | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document?
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif
2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc
2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files
2019-12-16 | Didier Stevens | Malicious .DWG Files?
2019-12-14 | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ...
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis
2019-09-30 | Didier Stevens | Maldoc, PowerShell & BITS
2019-09-29 | Didier Stevens | Encrypted Maldoc, Wrong Password
2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc
2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts
2019-07-06 | Didier Stevens | Malicious XSL Files
2019-07-05 | Didier Stevens | A "Stream O" Maldoc
2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms
2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell!
2019-05-10 | Xavier Mertens | DSSuite - A Docker Container with Didier's Tools
2019-05-01 | Didier Stevens | VBA Office Document: Which Version?
2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code
2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader
2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently?
2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend
2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend
2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents
2019-01-11 | Didier Stevens | Quick Maldoc Analysis
2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents
2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode
2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc
2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample
2018-12-07 | Remco Verhoef | A Dive into malicious Docker Containers
2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit
2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe
2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed?
2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe
2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR
2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with translate.py
2018-09-30 | Didier Stevens | When DOSfuscation Helps...
2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis
2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools
2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation
2018-06-17 | Didier Stevens | Encrypted Office Documents
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator
2018-02-18 | Didier Stevens | Finding VBA signatures in .docm files
2018-02-12 | Didier Stevens | Analyzing compressed shellcode
2018-02-11 | Didier Stevens | Finding VBA signatures in Word documents
2018-02-09 | Didier Stevens | An autograph from the Dridex gang
2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet
2018-01-28 | Didier Stevens | Is this a pentest?
2018-01-20 | Didier Stevens | An RTF phish
2018-01-15 | Didier Stevens | Decrypting malicious PDFs with the key
2018-01-14 | Didier Stevens | Peeking into Excel files
2018-01-02 | Didier Stevens | PDF documents & URLs: video
2017-12-31 | Didier Stevens | Analyzing TNEF files
2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files
2017-12-24 | Didier Stevens | PDF documents & URLs: update
2017-12-23 | Didier Stevens | Encrypted PDFs
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-12-18 | Didier Stevens | Phish or scam? - Part 2
2017-12-17 | Didier Stevens | Phish or scam? - Part 1
2017-12-09 | Didier Stevens | Sometimes it's a dud
2017-11-06 | Didier Stevens | Metasploit's Maldoc
2017-11-05 | Didier Stevens | Extracting the text from PDF documents
2017-11-04 | Didier Stevens | PDF documents & URLs
2017-09-28 | Xavier Mertens | The easy way to analyze huge amounts of PCAP data
2017-09-10 | Didier Stevens | It is a resume - Part 3
2017-08-20 | Didier Stevens | It's Not An Invoice ...
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed
2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc
2017-07-15 | Didier Stevens | Office maldoc + .lnk
2017-07-10 | Didier Stevens | Basic Office maldoc analysis
2017-05-03 | Bojan Zdrnja | OAUTH phishing against Google Docs - beware!
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique
2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News
2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26 | Didier Stevens | CRA Maldoc Analysis
2016-12-24 | Didier Stevens | Pinging All The Way
2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep
2016-12-05 | Didier Stevens | Hancitor Maldoc Videos
2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10
2016-11-12 | Didier Stevens | VBA Shellcode and EMET
2016-11-05 | Xavier Mertens | Full Packet Capture for Dummies
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video
2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis
2016-10-13 | Jim Clausing | New tool: docker-mount.py
2016-09-26 | Didier Stevens | VBA and P-code
2016-09-13 | Rob VandenBrink | If it's Free, YOU are the Product
2016-08-06 | Didier Stevens | rtfdump
2016-07-30 | Didier Stevens | rtfobj
2016-07-29 | Didier Stevens | Malicious RTF Files
2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later...
2016-06-01 | Xavier Mertens | Docker Containers Logging
2016-03-29 | Didier Stevens | VBE: Encoded VBS Script
2016-03-15 | Xavier Mertens | Dockerized DShield SSH Honeypot
2016-03-11 | Jim Clausing | Forensicating Docker, Part 1
2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc
2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper
2015-12-26 | Didier Stevens | Malfunctioning Malware
2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick
2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader!
2015-08-28 | Didier Stevens | Test File: PDF With Embedded DOC Dropping EICAR
2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So...
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin
2015-03-30 | Didier Stevens | YARA Rules For Shellcode
2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection
2015-02-20 | Tom Webb | Fast analysis of a Tax Scam
2013-05-20 | Guy Bruneau | Safe - Tools, Tactics and Techniques
2010-10-26 | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files