Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword

SANS Site Network

Current Site

SANS Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Date	Author	Title
2021-09-15	Brad Duncan	Hancitor campaign abusing Microsoft's OneDrive
2021-08-11	Brad Duncan	TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-02-02	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26	Brad Duncan	TA551 (Shathak) Word docs push Qakbot (Qbot)
2020-10-14	Brad Duncan	More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)