Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
LOAD BALANCER
2022-05-25
Rob VandenBrink
Using NMAP to Assess Hosts in Load Balanced Clusters
LOAD
2024-10-15/a>
Johannes Ullrich
Angular-base64-update Demo Script Exploited (CVE-2024-42640)
2024-06-06/a>
Xavier Mertens
Malicious Python Script with a "Best Before" Date
2024-05-27/a>
Jan Kopriva
Files with TXZ extension used as malspam attachments
2024-01-12/a>
Xavier Mertens
One File, Two Payloads
2023-12-15/a>
Xavier Mertens
CSharp Payload Phoning to a CobaltStrike Server
2023-11-18/a>
Xavier Mertens
Quasar RAT Delivered Through Updated SharpLoader
2023-07-12/a>
Brad Duncan
Loader activity for Formbook "QM18"
2023-06-29/a>
Brad Duncan
GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-24/a>
Guy Bruneau
Email Spam with Attachment Modiloader
2023-06-17/a>
Brad Duncan
Formbook from Possible ModiLoader (DBatLoader)
2023-05-30/a>
Brad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-03-11/a>
Xavier Mertens
Overview of a Mirai Payload Generator
2022-11-04/a>
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-11-02/a>
Brad Duncan
Who put the "Dark" in DarkVNC?
2022-09-25/a>
Didier Stevens
Downloading Samples From Takendown Domains
2022-09-18/a>
Tom Webb
Preventing ISO Malware
2022-05-25/a>
Rob VandenBrink
Using NMAP to Assess Hosts in Load Balanced Clusters
2022-05-23/a>
Johannes Ullrich
Attacker Scanning for jQuery-File-Upload
2022-03-24/a>
Xavier Mertens
Malware Delivered Through Free Sharing Tool
2022-02-11/a>
Xavier Mertens
CinaRAT Delivered Through HTML ID Attributes
2021-11-19/a>
Xavier Mertens
Downloader Disguised as Excel Add-In (XLL)
2021-11-04/a>
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-09-08/a>
Brad Duncan
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-08-11/a>
Brad Duncan
TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-29/a>
Xavier Mertens
Malicious Content Delivered Through archive.org
2021-05-18/a>
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-02-24/a>
Brad Duncan
Malspam pushes GuLoader for Remcos RAT
2020-10-22/a>
Jan Kopriva
BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-06-10/a>
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-05-24/a>
Didier Stevens
Zloader Maldoc Analysis With xlm-deobfuscator
2020-04-10/a>
Xavier Mertens
PowerShell Sample Extracting Payload From SSL
2020-04-08/a>
Brad Duncan
German malspam pushes ZLoader malware
2019-12-05/a>
Jan Kopriva
E-mail from Agent Tesla
2019-11-08/a>
Xavier Mertens
Microsoft Apps Diverted from Their Main Use
2019-07-05/a>
Didier Stevens
A "Stream O" Maldoc
2019-07-02/a>
Xavier Mertens
Malicious Script With Multiple Payloads
2019-07-01/a>
Didier Stevens
Maldoc: Payloads in User Forms
2018-11-18/a>
Guy Bruneau
Multipurpose PCAP Analysis Tool
2018-11-05/a>
Johannes Ullrich
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-03-12/a>
Xavier Mertens
Payload delivery via SMB
2018-01-26/a>
Xavier Mertens
Investigating Microsoft BITS Activity
2017-02-10/a>
Brad Duncan
Hancitor/Pony malspam
2014-02-05/a>
Johannes Ullrich
To Merrillville or Sochi: How Dangerous is it to travel?
2010-03-24/a>
Johannes Ullrich
".sys" Directories Delivering Driveby Downloads
2009-12-28/a>
Johannes Ullrich
8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-03-17/a>
Johannes Ullrich
Identifying applications using UDP payload
2008-07-11/a>
Jim Clausing
Handling the load
BALANCER
2022-05-25/a>
Rob VandenBrink
Using NMAP to Assess Hosts in Load Balanced Clusters
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Learn
about the Internet Storm Center
and our
volunteer InfoSec handlers