Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title
2022-05-20Xavier MertensA 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-04-20Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-02-18Xavier MertensRemcos RAT Delivered Through Double Compressed Archive
2021-10-31Didier StevensVideo: Phishing ZIP With Malformed Filename
2021-10-24Didier StevensPhishing ZIP With Malformed Filename
2021-09-08Brad Duncan"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-08-13Brad DuncanExample of Danabot distributed through malspam
2021-07-26Didier StevensFailed Malspam: Recovering The Password
2020-10-14Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-05-13Brad DuncanMalspam with links to zip archives pushes Dridex malware
2020-05-03Didier StevensZIP & AES
2020-04-26Didier StevensVideo: Malformed .docm File
2020-04-08Brad DuncanGerman malspam pushes ZLoader malware
2020-04-04Didier StevensNew Bypass Technique or Corrupt Word Document?
2020-03-25Brad DuncanRecent Dridex activity
2020-01-22Brad DuncanGerman language malspam pushes Ursnif
2019-03-14Didier StevensTip: Ghidra & ZIP Files
2018-12-17Didier StevensPassword Protected ZIP with Maldoc
2017-08-26Didier StevensMalware analysis: searching for dots
2016-11-22Didier StevensUpdate:ZIP With Comment
2016-11-21Didier StevensZIP With Comment