| Date | Author | Title |
|---|---|---|
| 2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-05-03 | Didier Stevens | ZIP & AES |
| 2020-04-26 | Didier Stevens | Video: Malformed .docm File |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2020-01-22 | Brad Duncan | German language malspam pushes Ursnif |
| 2019-03-14 | Didier Stevens | Tip: Ghidra & ZIP Files |
| 2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc |
| 2017-08-26 | Didier Stevens | Malware analysis: searching for dots |
| 2016-11-22 | Didier Stevens | Update:ZIP With Comment |
| 2016-11-21 | Didier Stevens | ZIP With Comment |
Threat Level: green
Handler on Duty: Didier Stevens
SANS ISC: Diaries by Keyword Diaries by Keyword
Questions? Feedback?
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Follow updates by subscribing to the handler's diary RSS feed
