Internet Storm Center
| Date | Author | Title |
|------|--------|-------|
| 2023-01-05 | Brad Duncan | More Brazil malspam pushing Astaroth (Guildma) in January 2023 |
| 2022-12-02 | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-08-19 | Brad Duncan | Brazil malspam pushes Astaroth (Guildma) malware |
| 2022-07-07 | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-06-17 | Brad Duncan | Malspam pushes Matanbuchus malware, leads to Cobalt Strike |
| 2022-04-06 | Brad Duncan | Windows MetaStealer Malware |
| 2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2021-12-31 | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-22 | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
| 2021-11-16 | Brad Duncan | Emotet Returns |
| 2021-10-22 | Brad Duncan | October 2021 Contest: Forensic Challenge |
| 2021-08-13 | Brad Duncan | Example of Danabot distributed through malspam |
| 2021-07-26 | Didier Stevens | Failed Malspam: Recovering The Password |
| 2021-07-14 | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment |
| 2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2021-01-13 | Brad Duncan | Hancitor activity resumes after a holiday break |
| 2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-07-10 | Brad Duncan | Excel spreadsheet macro kicks off Formbook infection |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2020-02-12 | Brad Duncan | Malspam pushes Ursnif through Italian language Word docs |
| 2020-02-03 | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader |
| 2020-01-22 | Brad Duncan | German language malspam pushes Ursnif |
| 2020-01-16 | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes |
| 2019-12-18 | Brad Duncan | Emotet infection with spambot activity |
| 2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-12-03 | Brad Duncan | Ursnif infection with Dridex |
| 2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-11-13 | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
| 2019-11-06 | Brad Duncan | More malspam pushing Formbook |
| 2019-10-02 | Brad Duncan | A recent example of Emotet malspam |
| 2019-09-25 | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-18 | Brad Duncan | Emotet malspam is back |
| 2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-02-20 | Brad Duncan | More Russian language malspam pushing Shade (Troldesh) ransomware |
| 2019-02-06 | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05 |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2019-01-16 | Brad Duncan | Emotet infections and follow-up malware |
| 2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
| 2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-12-05 | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
| 2018-12-04 | Brad Duncan | Malspam pushing Lokibot malware |
| 2018-11-29 | Brad Duncan | Russian language malspam pushing Shade (Troldesh) ransomware |
| 2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-10-31 | Brad Duncan | More malspam using password-protected Word docs |
| 2018-10-30 | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week |
| 2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-08-15 | Brad Duncan | More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware |
| 2018-08-02 | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif |
| 2018-07-27 | Brad Duncan | Malspam with password-protected Word docs pushes Hermes ransomware |
| 2018-07-24 | Brad Duncan | Recent Emotet activity |
| 2017-11-30 | Brad Duncan | More Malspam pushing Emotet malware |
| 2017-10-19 | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
| 2017-10-17 | Brad Duncan | Hancitor malspam uses DDE attack |
| 2017-09-18 | Xavier Mertens | Getting some intelligence from malspam |
| 2017-09-01 | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox |
| 2017-07-26 | Brad Duncan | Malspam pushing Emotet malware |
| 2017-07-14 | Brad Duncan | NemucodAES and the malspam that distributes it |
| 2017-06-28 | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong |
| 2017-05-24 | Brad Duncan | Jaff ransomware gets a makeover |
| 2017-04-11 | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2017-02-10 | Brad Duncan | Hancitor/Pony malspam |