Internet Storm Center
Date | Author | Title
2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML
2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06 | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector
2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus
2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware
2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break
2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity
2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document
2020-09-10 | Brad Duncan | Recent Dridex activity
2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot
2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06 | Xavier Mertens | A Safe Excel Sheet Not So Safe
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif
2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware
2019-10-02 | Brad Duncan | A recent example of Emotet malspam
2019-09-18 | Brad Duncan | Emotet malspam is back
2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan
2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself!
2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment
2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour
2015-02-19 | Daniel Wesemann | Macros? Really?!