Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
2023-06-09	Xavier Mertens	Undetected PowerShell Backdoor Disguised as a Profile File
2023-03-18	Xavier Mertens	Old Backdoor, New Obfuscation
2023-02-09	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2022-10-07	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-05-09	Xavier Mertens	Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-03-18	Johannes Ullrich	Scans for Movable Type Vulnerability (CVE-2021-20837)
2021-12-15	Xavier Mertens	Simple but Undetected PowerShell Backdoor
2021-11-21	Didier Stevens	Backdooring PAM
2021-11-08	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-07-02	Xavier Mertens	"inception.py"... Multiple Base64 Encodings
2021-05-28	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2020-12-24	Xavier Mertens	Malicious Word Document Delivering an Octopus Backdoor
2020-12-10	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-25	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-07-11	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2018-12-16	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-06-13	Xavier Mertens	A Bunch of Compromized Wordpress Sites
2018-03-05	Xavier Mertens	Malicious Bash Script with Multiple Features
2017-09-18	Xavier Mertens	CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
2017-09-14	Xavier Mertens	Another webshell, another backdoor!
2017-05-12	Xavier Mertens	When Bad Guys are Pwning Bad Guys...
2017-02-28	Xavier Mertens	Analysis of a Simple PHP Backdoor
2016-01-21	Jim Clausing	Scanning for Fortinet ssh backdoor
2015-06-26	Daniel Wesemann	Cisco default credentials - again!
2014-07-08	Johannes Ullrich	Hardcoded Netgear Prosafe Switch Password
2014-07-02	Johannes Ullrich	Cisco Unified Communications Domain Manager Update
2014-01-10	Basil Alawi S.Taher	Cisco Small Business Devices backdoor fix
2014-01-02	Johannes Ullrich	Scans Increase for New Linksys Backdoor (32764/TCP)
2013-12-24	Daniel Wesemann	Unfriendly crontab additions
2013-12-16	Tom Webb	The case of Minerd
2013-11-05	Daniel Wesemann	Is your vacuum cleaner sending spam?
2012-05-18	Johannes Ullrich	ZTE Score M Android Phone backdoor
2011-07-04	Deborah Hale	VSFTP Backdoor in Source Code
2010-12-15	Johannes Ullrich	OpenBSD IPSec "Backdoor"
2010-12-02	Kevin Johnson	ProFTPD distribution servers compromised
2010-08-30	Adrien de Beaupre	Apple QuickTime potential vulnerability/backdoor
2009-10-05	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337