Internet Storm Center
Date | Author | Title
2023-01-19 | Jan Kopriva | SPF and DMARC use on 100k most popular domains
2023-01-05 | Brad Duncan | More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-02 | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images
2022-11-19 | Guy Bruneau | McAfee Fake Antivirus Phishing Campaign is Back!
2022-10-15 | Guy Bruneau | Malware - Covid Vaccination Supplier Declaration
2022-08-19 | Brad Duncan | Brazil malspam pushes Astaroth (Guildma) malware
2022-07-07 | Brad Duncan | Emotet infection with Cobalt Strike
2022-06-17 | Brad Duncan | Malspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-04-06 | Brad Duncan | Windows MetaStealer Malware
2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity
2022-02-09 | Brad Duncan | Example of Cobalt Strike from Emotet infection
2022-01-25 | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-31 | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-22 | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis
2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware
2021-11-16 | Brad Duncan | Emotet Returns
2021-10-22 | Brad Duncan | October 2021 Contest: Forensic Challenge
2021-09-17 | Xavier Mertens | Malicious Calendar Subscriptions Are Back?
2021-09-02 | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes
2021-08-13 | Brad Duncan | Example of Danabot distributed through malspam
2021-07-26 | Didier Stevens | Failed Malspam: Recovering The Password
2021-07-14 | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients
2021-04-16 | Rick Wanner | Querying Spamhaus for IP reputation
2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs
2021-03-05 | Xavier Mertens | Spam Farm Spotted in the Wild
2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT
2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break
2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity
2020-10-31 | Didier Stevens | More File Selection Gaffes
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection
2020-06-16 | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader
2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware
2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware
2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host
2020-03-25 | Brad Duncan | Recent Dridex activity
2020-03-05 | Xavier Mertens | Will You Put Your Password in a Survey?
2020-02-12 | Brad Duncan | Malpsam pushes Ursnif through Italian language Word docs
2020-02-03 | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif
2020-01-16 | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes
2019-12-18 | Brad Duncan | Emotet infection with spambot activity
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot
2019-12-03 | Brad Duncan | Ursnif infection with Dridex
2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-13 | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text
2019-11-06 | Brad Duncan | More malspam pushing Formbook
2019-10-02 | Brad Duncan | A recent example of Emotet malspam
2019-10-01 | Johannes Ullrich | A Quick Look at Some Current Comment Spam
2019-09-25 | Brad Duncan | Malspam pushing Quasar RAT
2019-09-18 | Brad Duncan | Emotet malspam is back
2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex
2019-04-07 | Guy Bruneau | Fake Office 365 Payment Information Update
2019-03-21 | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware
2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-02-20 | Brad Duncan | More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-06 | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data
2019-01-16 | Brad Duncan | Emotet infections and follow-up malware
2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-05 | Brad Duncan | Campaign evolution: Hancitor changes its Word macros
2018-12-04 | Brad Duncan | Malspam pushing Lokibot malware
2018-11-29 | Brad Duncan | Russian language malspam pushing Shade (Troldesh) ransomware
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan
2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam
2018-10-31 | Brad Duncan | More malspam using password-protected Word docs
2018-10-30 | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week
2018-10-05 | Jim Clausing | A strange spam
2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections
2018-08-15 | Brad Duncan | More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-08-02 | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif
2018-07-27 | Brad Duncan | Malspam with password-protected Word docs pushes Hermes ransomware
2018-07-24 | Brad Duncan | Recent Emotet activity
2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites
2018-03-02 | Xavier Mertens | Common Patterns Used in Phishing Campaigns Files
2018-02-01 | Xavier Mertens | Adaptive Phishing Kit
2017-12-18 | Didier Stevens | Phish or scam? - Part 2
2017-12-17 | Didier Stevens | Phish or scam? - Part 1
2017-11-30 | Brad Duncan | More Malspam pushing Emotet malware
2017-10-19 | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware
2017-10-17 | Brad Duncan | Hancitor malspam uses DDE attack
2017-09-18 | Xavier Mertens | Getting some intelligence from malspam
2017-09-01 | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-08-14 | Didier Stevens | Sometimes it's just SPAM
2017-07-26 | Brad Duncan | Malspam pushing Emotet malware
2017-07-14 | Brad Duncan | NemucodAES and the malspam that distributes it
2017-06-28 | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong
2017-05-24 | Brad Duncan | Jaff ransomware gets a makeover
2017-04-11 | Brad Duncan | Dridex malspam seen on Monday 2017-04-10
2017-03-28 | Xavier Mertens | Logical & Physical Security Correlation
2017-02-10 | Brad Duncan | Hancitor/Pony malspam
2016-10-25 | Xavier Mertens | Another Day, Another Spam...
2016-10-19 | Xavier Mertens | Spam Delivered via .ICS Files
2016-06-20 | Xavier Mertens | Ongoing Spam Campaign Related to Swift
2016-05-12 | Xavier Mertens | Another Day, Another Wave of Phishing Emails
2015-12-06 | Mark Hofman | Malware SPAM a new run has started.
2015-09-01 | Daniel Wesemann | Gift card from Marriott?
2015-06-22 | Johannes Ullrich | SMTP Brute Forcing
2015-04-09 | Brad Duncan | An example of the malicious emails sometimes sent to the ISC handler addresses
2015-03-23 | Rick Wanner | Interesting Home Depot Spam
2015-01-31 | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans!
2014-09-17 | Daniel Wesemann | Your online background check is now public!
2014-08-05 | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal
2014-06-17 | Rob VandenBrink | Canada's Anti-Spam Legislation (CASL) 2014
2014-06-08 | Guy Bruneau | efax Spam Containing Malware
2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware
2014-03-22 | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident
2014-02-21 | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers
2014-01-24 | Johannes Ullrich | How to send mass e-mail the right way
2013-12-24 | Daniel Wesemann | Mr Jones wants you to appear in court!
2013-10-17 | Adrien de Beaupre | New spamming technique - onmicrosoft.com
2013-09-30 | Adrien de Beaupre | Twitter DM spam/malware
2013-09-03 | Rob VandenBrink | Is "Reputation Backscatter" a Thing?
2013-07-18 | Chris Mohan | Blog Spam - annoying junk or a source of intelligence?
2013-03-28 | John Bambenek | Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-26 | Daniel Wesemann | How your Webhosting Account is Getting Abused
2013-03-18 | Kevin Shortt | Spamhaus DDOS
2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware?
2012-12-06 | Daniel Wesemann | Rich Quick Make Money!
2012-10-10 | Kevin Shortt | Facebook Scam Spam
2012-09-09 | Guy Bruneau | Phishing/Spam Pretending to be from BBB
2012-08-22 | Adrien de Beaupre | Phishing/spam via SMS
2012-03-21 | Johannes Ullrich | Virus Bulletin Spam Filter Test
2012-02-17 | Mark Hofman | Intersting Facebook SPAM
2011-11-28 | Rob VandenBrink | It's Cyber Monday - Click Here!
2011-11-16 | Adrien de Beaupre | GET BACK TO ME ASAP
2011-10-20 | Johannes Ullrich | Evil Printers Sending Mail
2011-08-31 | Johannes Ullrich | Phishing e-mail to custom e-mail addresses
2011-06-30 | Guy Bruneau | Symantec Report - Spam Surge against Social Networks
2011-06-27 | Kevin Shortt | Phishy Spam
2011-06-08 | Johannes Ullrich | Spam from compromised Hotmail accounts
2011-03-29 | Daniel Wesemann | Requesting deletion of "free" email and chat accounts
2011-01-11 | Kevin Shortt | Spam Cannons on Holiday
2010-12-03 | Mark Hofman | T'is the season to be SPAMMY, trallalalaa la la la laaa
2010-11-22 | Lenny Zeltser | Adobe Acrobat Spam Going Strong - More to Come?
2010-09-18 | Rick Wanner | I'm fine, thanks!
2010-08-29 | Swa Frantzen | Abandoned free email accounts
2010-07-15 | Deborah Hale | Be on the Alert
2010-07-03 | Deborah Hale | Delivery Status Failure Notice That Packed A Wallop
2010-06-21 | Adrien de Beaupre | GoDaddy Scam/Phish/Spam
2010-06-10 | Deborah Hale | Another Morning of Fun
2010-06-02 | Rob VandenBrink | SPAM pretending to be from Habitat for Humanity
2010-04-22 | Deborah Hale | Don't Be Fooled by Twitter Spam in Your Inbox
2010-04-13 | Johannes Ullrich | More Legal Threat Malware E-Mail
2010-03-17 | Deborah Hale | Spam was killing us! Here is what we did to help!
2010-03-15 | Adrien de Beaupre | Spamassassin Milter Plugin Remote Root Attack
2010-02-03 | Johannes Ullrich | Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/
2009-12-02 | Rob VandenBrink | SPAM and Malware taking advantage of H1N1 concerns
2009-11-03 | Andre Ludwig | SURBL now posting abuse statistics for TLD's
2009-10-12 | Mark Hofman | Some interesting SSL SPAM
2009-10-08 | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-07 | Joel Esler | Spam rate increase is seen
2009-09-10 | Johannes Ullrich | Healthcare Spam
2009-07-28 | Adrien de Beaupre | Twitter spam/phish
2009-06-25 | Mark Hofman | Michael J & Farrah F death SPAM
2009-06-20 | Scott Fendley | Situational Awareness: Spam Crisis and China
2009-04-06 | Adrien de Beaupre | Abuse addresses
2009-01-25 | Rick Wanner | Twam?? Twammers?
2009-01-16 | G. N. White | ...and all that SPAM - Evolution of Spam Bots in 2009
2008-09-09 | Swa Frantzen | The complaint that's an attack
2008-08-13 | Adrien de Beaupre | CNN switched to MSNBC
2008-08-10 | Stephen Hall | Fake IE 7 update spam doing the rounds
2008-08-06 | Bojan Zdrnja | When spammers use your own e-mails
2008-08-05 | Daniel Wesemann | The news update you never asked for
2008-05-02 | Adrien de Beaupre | Hi, remember me?...
2008-04-22 | donald smith | Spam to your calendar via Google agenda?
2008-03-26 | Raul Siles | ORDB.org blocklisting all IP addresses
2006-10-08 | Swa Frantzen | Spam Backscatter