Internet Storm Center
Sign In
Sign Up
Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-08-24
Brad Duncan
Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-07-07
Brad Duncan
Emotet infection with Cobalt Strike
2022-04-06
Brad Duncan
Windows MetaStealer Malware
2022-01-21
Xavier Mertens
Obscure Wininet.dll Feature?
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-02
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-19
Xavier Mertens
Downloader Disguised as Excel Add-In (XLL)
2021-11-16
Brad Duncan
Emotet Returns
2021-10-21
Brad Duncan
"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-08
Brad Duncan
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-18
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-03
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-17
Brad Duncan
Malspam pushing Trickbot gtag rob13
2021-02-11
Jan Kopriva
Agent Tesla hidden in a historical anti-malware tool
2021-01-26
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20
Brad Duncan
Qakbot activity resumes after holiday break
2020-09-10
Brad Duncan
Recent Dridex activity
2020-08-28
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-06-10
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-05-13
Brad Duncan
Malspam with links to zip archives pushes Dridex malware
2020-04-08
Brad Duncan
German malspam pushes ZLoader malware
2020-03-25
Brad Duncan
Recent Dridex activity
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-08-21
Xavier Mertens
Malicious DLL Loaded Through AutoIT
2016-06-03
Tom Liston
MySQL is YourSQL
2015-09-29
Pedro Bueno
Tricks for DLL analysis
2013-11-09
Guy Bruneau
IE Zero-Day Vulnerability Exploiting msvcrt.dll
2010-12-01
Deborah Hale
McAfee Security Bulletin Released
2010-08-23
Bojan Zdrnja
DLL hijacking vulnerabilities
2010-08-05
Manuel Humberto Santander Pelaez
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2006-09-19
Swa Frantzen
Yet another MSIE 0-day: VML
Homepage
Diaries
Podcasts
Jobs
Data
HTTP Header Activity
TCP/UDP Port Activity
Port Trends
Presentations & Papers
SSH/Telnet Scanning Activity
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Weblogs
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Fightback
Forums
Auditing
Diary Discussions
Forensics
General Discussions
Industry News
Network Security
Penetration Testing
Software Security
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Mastodon
Twitter
Make the web a better place by
sharing the SANS Internet Storm Center
with others
