- A Tale of Two Phishies
- Jaff ransomware gets a makeover
- Seamless Campaign using Rig Exploit Kit to send Ramnit Trojan
- Malspam on 2017-04-11 pushes yet another ransomware variant
- April 2017 Microsoft Patch Tuesday
- Dridex malspam seen on Monday 2017-04-10
- "Blank Slate" malspam still pushing Cerber ransomware
- Malspam with password-protected Word documents
- Brazilian malspam sends Autoit-based malware
- Hancitor/Pony malspam
- CryptoShield Ransomware from Rig EK
- Ticketbleed vulnerability affects some f5 appliances
- Sage 2.0 Ransomware
- Upatre/Dyre - the daily grind of botnet-based malspam
- Traffic pattern change noted in Fiesta exploit kit
- Dalexis/CTB-Locker malspam campaign
- Actor using Fiesta exploit kit
- Hancitor/Pony/Vawtrak malspam
- Merry X-Mas ransomware from Sunday 2017-01-08
- One, if by email, and two, if by EK: The Cerbers are coming!
- Domaincop malpsam
- 2016-11-18 example of KaiXin EK activity
- Malspam distributing Troldesh ransomware
- Exploit kit roundup: Less Angler, more Nuclear
- Malspam delivers NanoCore RAT
- pseudoDarkleech Rig EK
- Rig Exploit Kit from the Afraidgate Campaign
- Those never-ending waves of Locky malspam
- 1 compromised site - 2 campaigns
- Follow-up to: Stop calling it a ransomware "attack"
- Stop calling it a ransomware "attack"
- CryptXXX ransomware updated
- Change in patterns for the pseudoDarkleech campaign
- APT and why I don't like the term
- Searching for malspam
- Neutrino EK and CryptXXX
- EITest campaign still going strong
- ImageTragick: Another Vulnerability, Another Nickname
- Neutrino exploit kit sends Cerber ransomware
- Angler Exploit Kit, Bedep, and CryptXXX
- The importance of ongoing dialog
- Recent example of KaiXin exploit kit
- Angler exploit kit generated by "admedia" gates
- A trip through the spam filters: more malspam with zip attachments containing .js files
- Dridex malspam example from January 2016
- OpenSSH 7.1p2 released with security fix for CVE-2016-0777
- CryptoWall sent by Angler and Neutrino exploit kits or through malicious spam
- A recent example of wire transfer fraud
- Actor using Rig EK to deliver Qbot - update
- Actor using Rig EK to deliver Qbot
- ScreenOS vulnerability affects Juniper firewalls
- TeslaCrypt ransomware sent using malicious spam
- Everything old is new again - Blackhole exploit kit since November 2015
- New variant of CryptoWall - Is it right to call it 4.0?
- Malicious spam - Subject: RE: Bill
- BizCN gate actor sends CryptoWall 4.0
- Actors using exploit kits - How they change tactics
- Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice
- Botnets spreading Dridex still active
- Compromised Magento sites led to Neutrino exploit kit
- Malicious spam with Word document
- BizCN gate actor update
- Recent trends in Nuclear Exploit Kit activity
- Mistakenly-deployed test patch leads to suspicious Windows update
- Malicious spam with zip attachments containing .js files
- A look through the spam filters - examining waves of Upatre malspam
- Actor that tried Neutrino exploit kit now back to Angler
- What's the situation this week for Neutrino and Angler EK?
- A recent decline in traffic associated with Operation Windigo
- Actor using Angler exploit kit switched to Neutrino
- Adwind: another payload for botnet-based malspam
- Nuclear EK traffic patterns in August 2015
- Malicious spam continues to serve zip archives of javascript files
- Bartalex malspam pushing Pony/Dyre
- After Flash, what will exploit kits focus on next?
- BizCN gate actor changes from Fiesta to Nuclear exploit kit
- Another example of Angler exploit kit pushing CryptoWall 3.0
- Botnet-based malicious spam seen this week
- Updates to OpenSSL fix vulnerabilities related to Logjam
- Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit
- Exploit kit roundup - early June 2015
- Myfax malspam wave with links to malware and Neutrino exploit kit
- Angler exploit kit pushing CryptoWall 3.0
- Exploit kits delivering Necurs
- Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
- Upatre/Dyre malspam - Subject: eFax message from "unknown"
- Recent Dridex activity
- Angler exploit kit pushes new variant of ransomware
- SOC Analyst Pyramid
- Exploit kits (still) pushing Teslacrypt ransomware
- An example of the malicious emails sometimes sent to the ISC handler addresses
- Angler Exploit Kit - Recent Traffic Patterns
- Rig Exploit Kit Changes Traffic Patterns
- Threatglass has pcap files with exploit kit activity
- What Happened to You, Asprox Botnet?
- An Example of Evolving Obfuscation
Threat Level: green
Handler on Duty: Brad Duncan
SANS ISC: ISC Handlers - Internet Security | DShield ISC Handlers
Questions? Feedback?
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
