Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
2024-02-20	Xavier Mertens	Python InfoStealer With Dynamic Sandbox Detection
2024-01-25	Xavier Mertens	Facebook AdsManager Targeted by a Python Infostealer
2023-12-22	Xavier Mertens	Shall We Play a Game?
2023-09-29	Xavier Mertens	Are You Still Storing Passwords In Plain Text Files?
2023-06-19	Xavier Mertens	Malware Delivered Through .inf File
2023-05-04	Xavier Mertens	Infostealer Embedded in a Word Document
2023-03-12	Guy Bruneau	AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-01	Xavier Mertens	Python Infostealer Targeting Gamers
2023-02-18	Guy Bruneau	Spear Phishing Handlers for Username/Password
2023-02-04	Guy Bruneau	Assemblyline as a Malware Analysis Sandbox
2023-01-21	Guy Bruneau	DShield Sensor JSON Log to Elasticsearch
2023-01-08	Guy Bruneau	DShield Sensor JSON Log Analysis
2022-12-21	Guy Bruneau	DShield Sensor Setup in Azure
2022-12-18	Guy Bruneau	Infostealer Malware with Double Extension
2022-08-13	Guy Bruneau	Phishing HTML Attachment as Voicemail Audio Transcription
2022-08-11	Xavier Mertens	InfoStealer Script Based on Curl and NSudo
2022-03-23	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
2022-03-09	Xavier Mertens	Infostealer in a Batch File
2022-02-13	Guy Bruneau	DHL Spear Phishing to Capture Username/Password
2021-12-21	Xavier Mertens	More Undetected PowerShell Dropper
2021-12-14	Johannes Ullrich	Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-01	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-05-08	Guy Bruneau	Who is Probing the Internet for Research Purposes?
2021-04-06	Jan Kopriva	Malspam with Lokibot vs. Outlook and RFCs
2021-03-31	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2021-03-12	Guy Bruneau	Microsoft DHCP Logs Shipped to ELK
2020-12-29	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-09-17	Xavier Mertens	Suspicious Endpoint Containment with OSSEC
2019-11-27	Brad Duncan	Finding an Agent Tesla malware sample
2019-10-09	Brad Duncan	What data does Vidar malware steal from an infected host?
2019-01-24	Brad Duncan	Malspam with Word docs uses macro to run Powershell script and steal system data
2018-11-11	Pasquale Stirparo	Community contribution: joining forces or multiply solutions?
2017-05-06	Xavier Mertens	The story of the CFO and CEO...
2016-10-02	Guy Bruneau	Is there an Infosec Cybersecurity Talent Shortage?
2015-01-23	Adrien de Beaupre	Infocon change to yellow for Adobe Flash issues
2014-09-26	Richard Porter	Why We Have Moved to InfoCon:Yellow
2014-05-22	Johannes Ullrich	Discontinuing Support for ISC Alert Task Bar Icon
2014-04-26	Guy Bruneau	New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-14	Kevin Shortt	INFOCon Green: Heartbleed - on the mend
2013-02-17	Guy Bruneau	HP ArcSight Connector Appliance and Logger Vulnerabilities
2012-03-16	Swa Frantzen	INFOCON Yellow - Microsoft RDP - MS12-020
2012-01-19	Chris Mohan	WHOIS contacts are your friends
2012-01-13	Guy Bruneau	Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-08-15	Rob VandenBrink	8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-02-05	Guy Bruneau	OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12	Richard Porter	How Many Loyalty Cards do you Carry?
2010-12-26	Manuel Humberto Santander Pelaez	ISC infocon monitor app for OS X
2010-10-22	Manuel Humberto Santander Pelaez	Intypedia project
2010-08-05	Rob VandenBrink	Access Controls for Network Infrastructure
2010-07-24	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-07-20	Manuel Humberto Santander Pelaez	Lowering infocon back to green
2010-06-15	Manuel Humberto Santander Pelaez	iPhone 4 Order Security Breach Exposes Private Information
2010-04-21	Guy Bruneau	Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-03-27	Guy Bruneau	HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-01-17	Mark Hofman	Why not Yellow?
2009-11-29	Patrick Nolan	A Cloudy Weekend
2009-10-22	Adrien de Beaupre	Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-04	Guy Bruneau	Samba Security Information Disclosure and DoS
2009-10-02	Stephen Hall	New SysInternal fun for the weekend
2009-09-05	Mark Hofman	Critical Infrastructure and dependencies
2009-08-01	Deborah Hale	Website Warnings
2009-07-13	Adrien de Beaupre	* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10	Guy Bruneau	WordPress Fixes Multiple vulnerabilities
2009-07-07	Marcus Sachs	* INFOCON Status - staying green
2009-06-11	Rick Wanner	MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-03-02	Swa Frantzen	Obama's leaked chopper blueprints: anything we can learn?
2008-09-11	David Goldsmith	CookieMonster is coming to Pown (err, Town)
2008-08-12	Johannes Ullrich	Upcoming Infocon Test and new Color
2008-07-02	Jim Clausing	Another little script I threw together
2008-06-25	Deborah Hale	Report of Coreflood.dr Infection
2008-04-07	John Bambenek	HP USB Keys Shipped with Malware for your Proliant Server
2006-10-02	Jim Clausing	Back to green, but the exploits are still running wild