Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
2025-05-07	Xavier Mertens	Example of "Modular" Malware
2025-03-18	Xavier Mertens	Python Bot Delivered Through DLL Side-Loading
2023-06-22	Brad Duncan	Qakbot (Qbot) activity, obama271 distribution tag
2023-02-28	Brad Duncan	BB17 distribution Qakbot (Qbot) activity
2023-02-24	Brad Duncan	URL files and WebDAV used for IcedID (Bokbot) infection
2022-11-04	Xavier Mertens	Remcos Downloader with Unicode Obfuscation
2022-08-24	Brad Duncan	Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-07-07	Brad Duncan	Emotet infection with Cobalt Strike
2022-04-06	Brad Duncan	Windows MetaStealer Malware
2022-01-21	Xavier Mertens	Obscure Wininet.dll Feature?
2021-12-22	Brad Duncan	December 2021 Forensic Contest: Answers and Analysis
2021-12-02	Brad Duncan	TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-19	Xavier Mertens	Downloader Disguised as Excel Add-In (XLL)
2021-11-16	Brad Duncan	Emotet Returns
2021-10-21	Brad Duncan	"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-08	Brad Duncan	"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-07-06	Xavier Mertens	Python DLL Injection Check
2021-06-04	Xavier Mertens	Russian Dolls VBS Obfuscation
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-05-18	Xavier Mertens	From RunDLL32 to JavaScript then PowerShell
2021-03-31	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2021-03-03	Brad Duncan	Qakbot infection with Cobalt Strike
2021-02-17	Brad Duncan	Malspam pushing Trickbot gtag rob13
2021-02-11	Jan Kopriva	Agent Tesla hidden in a historical anti-malware tool
2021-01-26	Brad Duncan	TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20	Brad Duncan	Qakbot activity resumes after holiday break
2020-09-10	Brad Duncan	Recent Dridex activity
2020-08-28	Xavier Mertens	Example of Malicious DLL Injected in PowerShell
2020-06-10	Brad Duncan	Job application-themed malspam pushes ZLoader
2020-05-13	Brad Duncan	Malspam with links to zip archives pushes Dridex malware
2020-04-08	Brad Duncan	German malspam pushes ZLoader malware
2020-03-25	Brad Duncan	Recent Dridex activity
2018-11-06	Xavier Mertens	Malicious Powershell Script Dissection
2018-08-21	Xavier Mertens	Malicious DLL Loaded Through AutoIT
2016-06-03	Tom Liston	MySQL is YourSQL
2015-09-29	Pedro Bueno	Tricks for DLL analysis
2013-11-09	Guy Bruneau	IE Zero-Day Vulnerability Exploiting msvcrt.dll
2010-12-01	Deborah Hale	McAfee Security Bulletin Released
2010-08-23	Bojan Zdrnja	DLL hijacking vulnerabilities
2010-08-05	Manuel Humberto Santander Pelaez	Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2006-09-19	Swa Frantzen	Yet another MSIE 0-day: VML