Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title
2022-04-06Brad DuncanWindows MetaStealer Malware
2022-01-21Xavier MertensObscure Wininet.dll Feature?
2021-12-22Brad DuncanDecember 2021 Forensic Contest: Answers and Analysis
2021-12-02Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-11-19Xavier MertensDownloader Disguised as Excel Add-In (XLL)
2021-11-16Brad DuncanEmotet Returns
2021-10-21Brad Duncan"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-08Brad Duncan"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-07-06Xavier MertensPython DLL Injection Check
2021-06-04Xavier MertensRussian Dolls VBS Obfuscation
2021-05-21Xavier MertensLocking Kernel32.dll As Anti-Debugging Technique
2021-05-18Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-03-31Xavier MertensQuick Analysis of a Modular InfoStealer
2021-03-03Brad DuncanQakbot infection with Cobalt Strike
2021-02-17Brad DuncanMalspam pushing Trickbot gtag rob13
2021-02-11Jan KoprivaAgent Tesla hidden in a historical anti-malware tool
2021-01-26Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20Brad DuncanQakbot activity resumes after holiday break
2020-09-10Brad DuncanRecent Dridex activity
2020-08-28Xavier MertensExample of Malicious DLL Injected in PowerShell
2020-06-10Brad DuncanJob application-themed malspam pushes ZLoader
2020-05-13Brad DuncanMalspam with links to zip archives pushes Dridex malware
2020-04-08Brad DuncanGerman malspam pushes ZLoader malware
2020-03-25Brad DuncanRecent Dridex activity
2018-11-06Xavier MertensMalicious Powershell Script Dissection
2018-08-21Xavier MertensMalicious DLL Loaded Through AutoIT
2016-06-03Tom ListonMySQL is YourSQL
2015-09-29Pedro BuenoTricks for DLL analysis
2013-11-09Guy BruneauIE Zero-Day Vulnerability Exploiting msvcrt.dll
2010-12-01Deborah HaleMcAfee Security Bulletin Released
2010-08-23Bojan ZdrnjaDLL hijacking vulnerabilities
2010-08-05Manuel Humberto Santander PelaezAdobe Acrobat Font Parsing Integer Overflow Vulnerability
2006-09-19Swa FrantzenYet another MSIE 0-day: VML