Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
2023-02-28	Brad Duncan	BB17 distribution Qakbot (Qbot) activity
2022-10-16	Didier Stevens	Video: Analysis of a Malicious HTML File (QBot)
2022-10-13	Didier Stevens	Analysis of a Malicious HTML File (QBot)
2022-07-09	Didier Stevens	7-Zip Editing & MoW
2022-07-04	Didier Stevens	7-Zip & MoW: "For Office files"
2022-07-03	Didier Stevens	7-Zip & MoW
2022-06-04	Guy Bruneau	Spam Email Contains a Very Large ISO file
2022-05-20	Xavier Mertens	A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-04-20	Brad Duncan	"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-02-18	Xavier Mertens	Remcos RAT Delivered Through Double Compressed Archive
2021-10-31	Didier Stevens	Video: Phishing ZIP With Malformed Filename
2021-10-24	Didier Stevens	Phishing ZIP With Malformed Filename
2021-09-08	Brad Duncan	"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-08-13	Brad Duncan	Example of Danabot distributed through malspam
2021-07-26	Didier Stevens	Failed Malspam: Recovering The Password
2020-10-14	Brad Duncan	More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-05-13	Brad Duncan	Malspam with links to zip archives pushes Dridex malware
2020-05-03	Didier Stevens	ZIP & AES
2020-04-26	Didier Stevens	Video: Malformed .docm File
2020-04-08	Brad Duncan	German malspam pushes ZLoader malware
2020-04-04	Didier Stevens	New Bypass Technique or Corrupt Word Document?
2020-03-25	Brad Duncan	Recent Dridex activity
2020-01-22	Brad Duncan	German language malspam pushes Ursnif
2019-03-14	Didier Stevens	Tip: Ghidra & ZIP Files
2018-12-17	Didier Stevens	Password Protected ZIP with Maldoc
2017-08-26	Didier Stevens	Malware analysis: searching for dots
2016-11-22	Didier Stevens	Update:ZIP With Comment
2016-11-21	Didier Stevens	ZIP With Comment